Re: [Full-Disclosure] House approves spyware legislation

From: Eric Paynter (eric_at_arcticbears.com)
Date: 10/08/04

  • Next message: Marc Deslauriers: "[Full-Disclosure] [FLSA-2004:1868] Updated php packages fix security issues" 
    To: full-disclosure@lists.netsys.com
Date: Thu, 7 Oct 2004 16:08:57 -0700 (PDT)

    On Wed, October 6, 2004 8:18 pm, Bankim J. Tejani said:
    > 1) How can you prove what the setting was before? It's one thing for
    > you to know what it was, but another to prove it in a court of law.
    > Otherwise it's your word versus theirs.

    This is easy because the (perhaps soon to be) illegal action is usually
    automated and repeatable. Simply bring in the police to begin an
    investigation (usually happens before anybody is arrested, so the bad site
    will still be up). The police can set their browser, go to the website,
    note that the browser setting was changed (or whatever breach of the law),
    and record their actions and the results as evidence. This is enough to
    get a warrant which leads to...

    > 2) How can you find out who exactly was the person or company that took
    > this action? You're talking about a massive time undertaking to trace
    > the packet data through every router between you and the accused.

    It's not hard to find the physical location of a web server. Take the
    warrant, go to the location, and seize all of their equipment. Now you
    have a web server with an application that is performing an illegal
    action.

    > 3) Was their machine used by some hacker? This, unfortunately (or
    > fortunately, depending on how you see it), has been used in court and
    > proved to be a successful defense.

    That is a weak defense, and more often, especially with corporations, they
    are being held accountable for what their systems do. It is their
    responsibility to protect their systems. Phrases like "due diligence" come
    to mind...

    > 4) What was the motive for changing your computer specifically?

    To gather profiling information for marketing purposes. To put their
    marketing "in your face" so you see it more. In short, the motive is to
    earn more money.

    > 5) What type of crime is appropriate? Is it theft? trespassing?
    > moving your plant from your front yard to your back yard?

    As the bill says, the crime is that of altering the funcion of computer
    without authorization. This has nothing to do with theft or trespassing.
    It is a different type of crime, but it is (or perhaps soon will be) a
    crime nonetheless.

    > 6) What is an appropriate sentence? The five minutes you lost changing
    > it back paid at your current salary? A fine? jail time?

    If the bill is passed into law, there will be suggested minimum and
    maximum punishments, as with all laws. What's the point of this statement?

    > Few organizations have successfully prosecuted under any form of cyber
    > law. The most notable so far has been the RIAA, whose cases were never
    > tested in court, but used to torque people into paying fines rather than
    > facing legal bills that would bankrupt them.

    What? You are saying that organizations are not successful prosecuting and
    you site as an example an organization that is having such high success
    that people settle out of court rather than fight?

    I'm not suggesting that this bill is the greatest thing, but we do need to
    update the laws and there are ways to reduce cyber crimes. We can start
    trying today, maybe take a few tries to get it right. Or we can not start
    today, in which case, it will take longer to get it right. I suggest we
    start today.

    -Eric

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Marc Deslauriers: "[Full-Disclosure] [FLSA-2004:1868] Updated php packages fix security issues"

    Relevant Pages

    • Re: U.S. House panel to seek to keep Schiavo alive
      ... House passes Schiavo bill ... the U.S. House early Monday passed a bill on 203 to 58 vote ... court for a federal judge to review. ... and restraining order under the new law. ...
      (sci.med.transcription)
    • Re: Why Women Need Equal Female Representation:
      ... The bill by state Sen. Kevin Murray, D-Culver City, was thought to be ... shortchanged in divorce cases if their husbands were allowed to hide ... effective next year if it eventually were signed into law. ... allowed for the sealing of entire court records in divorce cases. ...
      (soc.men)
    • Re: Constitutional expret memointerrogatory
      ... if the US passed a law that said that anyone arrested ... preclude trial by legislature, a violation of the separation of powers ... Court struck down a statute that required attorneys to take an oath ... void as a bill of attainder a statute making it a crime for a member ...
      (rec.sport.football.college)
    • Re: NBC: Beating Up on Wal-Mart
      ... Where did you get your law degree, Joe's Bar and Grill and Law ... > A bill of attainder provides for _criminal punishment_ of a person ... Torres and all of his personal property from the Santa Ynez ... The court refused to grant summary ...
      (rec.music.artists.springsteen)
    • Re: Change!
      ... defendant for a crime committed under a certain section of the law ... The Supreme Court only bothered writing a decision so ... was too drunk to give her consent??When a woman is drunk, ...
      (rec.scuba)
    • Quantcast