| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: eric at arcticbears.com (Eric Paynter) Subject: House approves spyware legislation On Wed, October 6, 2004 8:18 pm, Bankim J. Tejani said: > 1) How can you prove what the setting was before? It's one thing for > you to know what it was, but another to prove it in a court of law. > Otherwise it's your word versus theirs. This is easy because the (perhaps soon to be) illegal action is usually automated and repeatable. Simply bring in the police to begin an investigation (usually happens before anybody is arrested, so the bad site will still be up). The police can set their browser, go to the website, note that the browser setting was changed (or whatever breach of the law), and record their actions and the results as evidence. This is enough to get a warrant which leads to... > 2) How can you find out who exactly was the person or company that took > this action? You're talking about a massive time undertaking to trace > the packet data through every router between you and the accused. It's not hard to find the physical location of a web server. Take the warrant, go to the location, and seize all of their equipment. Now you have a web server with an application that is performing an illegal action. > 3) Was their machine used by some hacker? This, unfortunately (or > fortunately, depending on how you see it), has been used in court and > proved to be a successful defense. That is a weak defense, and more often, especially with corporations, they are being held accountable for what their systems do. It is their responsibility to protect their systems. Phrases like "due diligence" come to mind... > 4) What was the motive for changing your computer specifically? To gather profiling information for marketing purposes. To put their marketing "in your face" so you see it more. In short, the motive is to earn more money. > 5) What type of crime is appropriate? Is it theft? trespassing? > moving your plant from your front yard to your back yard? As the bill says, the crime is that of altering the funcion of computer without authorization. This has nothing to do with theft or trespassing. It is a different type of crime, but it is (or perhaps soon will be) a crime nonetheless. > 6) What is an appropriate sentence? The five minutes you lost changing > it back paid at your current salary? A fine? jail time? If the bill is passed into law, there will be suggested minimum and maximum punishments, as with all laws. What's the point of this statement? > Few organizations have successfully prosecuted under any form of cyber > law. The most notable so far has been the RIAA, whose cases were never > tested in court, but used to torque people into paying fines rather than > facing legal bills that would bankrupt them. What? You are saying that organizations are not successful prosecuting and you site as an example an organization that is having such high success that people settle out of court rather than fight? I'm not suggesting that this bill is the greatest thing, but we do need to update the laws and there are ways to reduce cyber crimes. We can start trying today, maybe take a few tries to get it right. Or we can not start today, in which case, it will take longer to get it right. I suggest we start today. -Eric
Powered by blists - more mailing lists