[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <4C197480.32137.FAFAA35@nick.virus-l.demon.co.uk>
Date: Thu, 17 Jun 2010 13:04:00 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Congratulations Andrew
bk to wilder_jeff Wilder:
> > By that same standard.. if you leave your house unlocked.... does
> > that give someone the right to enter it?
> >
> > just my thoughts
>
> Sending from the right account this time...
>
> It wasn't an unlocked house. It was a table on the sidewalk with
> all the neighbors' Girlscout cookie order sheets on it. Someone
> just happened to pickup not only their order sheet, but everyone
> else's too.
That may be what _you_ see as a relevant analogy, but that's not how
most legal systems will see it. To most legal systems it matters not
that the folk ostensibly responsible for "protecting" the data
effectively just laid it all out (more or less) in public view. The
pertinent legal questions will likely revolve around whether the
accessor could reasonably claim they did not know they were not
authorized to access that data.
And how will the courts assess whether the accessor was authorized to
access that data? Simple -- they ask the "owner" of the data (AT&T)
who will surely say "we did not authorize the defendant to access that
data", and they will probably blandly add something like "and we took
industry-standard measures to reasonably protect the data against
unauthorized access". Whilst the latter is apparently rather easily
debunked, doing so is pretty irrelevant to defending an unauthorized
access" charge, as regardless of how easily (trivially in this case)
the access was obtained, the issue is "was that access authorized".
Many apparently stupid things have been built into our computer and
technology laws. These often don't actually make much sense if you
think the objective of such laws should be to encourage data guardians
to do a better job of their charge, but mostly these laws have been
made to make it relatively easy to obtain prosecutions.
> Think you could get a theft prosecution for that?
And touche' to Valdis' response making fun of this part of your post
too!
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists