lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: ggilliss at (Gregory Gilliss)
Subject: House approves spyware legislation


Criminal trespass affects real property. Computers and cyberspace,
contrary to popular belief, do not constitute real property. However
you could be subject to prosecution for trespass to chattels. Chattels,
for the uninitiated, is a fancy legal term (FLT) used to refer to 
personal belongings. There is trespass to chattels and there conversion.
The was I understand it, trespass to chattels means I spray paint your
dog - my impact is temporary or reversable. Conversion means I throw
your dog in the microwave and turned it on. The effect is not reversable.
That's why you can't sue your veterinarian for malpractice. Dogs aren't 
people. Computers aren't real property. Remember, we're talking law here,
and my only reference is the American legal system.

Liability for trespass to chattels is limited to the damage done, and 
liability for conversion is limited to the cost of replacement. Needless
to say, this is ridiculous when it comes to valuations for data - the
cost of replacing your hard drive might be measurable, but the
cost of replacing your data is extremely intangible.

FWIW I do believe that hacking does not constitute criminal trespass. 
There are legal concepts like consent implied in fact associated with the
act of attaching a computer to an Internet known to be populated by people
and 'bots intent on compromising your security. 

-- Greg

On or about 2004.10.06 17:00:27 +0000, WB ( said:

> Interesting thoughts, but the fact remains hacking is illegal.
> It is criminal trespass.
> Look at it this way, someone breaks into your house defaces it to illustrate
> how insecure you are.  
> Your not going to like it.  Same holds true in the digital realm.
> I have no problem with breaking into systems in a lab and then reporting on
> the vulnerabilities.  That is constructive and helps us all.  
> However, doing it to production systems, can depending on the systems place
> lives at risk, more so then the vulnerability they exploit.
> It is up to industry to fix the software mess and until we stop buying bad
> software or congress overturns the EULA's that exempt the software industry
> from liability, they won't.
> Spyware, in most cases is about profit
> Anyway enjoyed your comments.
> UH

Gregory A. Gilliss, CISSP                              E-mail:
Computer Security                             WWW:
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

Powered by blists - more mailing lists