From: tejani at (Bankim J. Tejani)
Subject: House approves spyware legislation

While good in principle, this legislation is hopelessly unenforceable 
and is almost certainly just election year politics.  Somebody knows 
this and is probably the 1 vote against it.  Think about it:

Say that this was a law and someone does what you say and changes your 
homepage or something similar with some spyware.  Here are some things 
that any prosecutor or civil attorney would have to consider before 
pressing charges:

1) How can you prove what the setting was before?  It's one thing for 
you to know what it was, but another to prove it in a court of law.  
Otherwise it's your word versus theirs.

2) How can you find out who exactly was the person or company that took 
this action?  You're talking about a massive time undertaking to trace 
the packet data through every router between you and the accused.

3) Was their machine used by some hacker?  This, unfortunately (or 
fortunately, depending on how you see it), has been used in court and 
proved to be a successful defense.

4) What was the motive for changing your computer specifically?

5) What type of crime is appropriate?  Is it theft?  trespassing?  
moving your plant from your front yard to your back yard?

6) What is an appropriate sentence?  The five minutes you lost changing 
it back paid at your current salary?  A fine?   jail time?

I am not a lawyer, but only a little common sense about the law is 
needed here.  Some of these issues apply not only to this law, but all 
forms of cyber-related law.  Few organizations have successfully 
prosecuted under any form of cyber law.  The most notable so far has 
been the RIAA, whose cases were never tested in court, but used to 
torque people into paying fines rather than facing legal bills that 
would bankrupt them.

If we keep passing unenforceable legislation, all we'll end up with is 
a tomb of law with hundreds of thousands of lawyers looking through it 
and an internet that's just as lawless as it is right now.  On second 
thought, keep passing those laws.  <<searching for LSAT book>>


On 06 Oct, 2004, at 19:09, RandallM wrote:

> > On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss <> wrote:
> > > Great, Not that I'm any fan of spyware, but this is just another law
> > > against hacking. Think - what's the difference between this and
> > > someone using XSS to "take control" of a computer? If you r00t a box
> > > and deface the home page, then you've broken this law.
> > >
> > > <sigh> Instead of fixing the problem (poor software security) we pass
> > > laws to punish the people who do the things that illustrate the problem.
> > > Basic philosophical differences, blah blah blah ...
> > >
> > > Worst of all, do you really think that the spyware rackets will slow
> > > down or cease because of this? Nope - they'll just migrate out of the
> > > jurisdiction.
> > >
> > > -- Greg
> > End of Full-Disclosure Digest
> >
> I guess one has to decide if browser hijacking is not the taking of
> personal property. I for one do not find it amusing to open my browser
> and it has been redirected to a hijacked page as my new Homepage!
> If this law would allow me...the user to bring down hell upon these
> people then I'm all for it.