
RE: application for an employment

Subject: RE: application for an employment
Date: Sat, 25 Mar 2006 09:17:40 +1100

Hi Lg
I am completing an LLM in International Commerce Law focusing on ecommerce and 
computer crime (I am an academic junkie). Does this make me versed? Well it 
will depend on the jurisdiction and level of the court. First there is Civil 
and Common law (and I am from a common law background). Next there is the issue 
that the UK and continental Europe have joint EC treaties. Thus EC directives 
overrule UK law.
Australia and NZ look at decisions in the UK, but they are not binding. The 
US, though derived from common law, has its own set of legislation.
Next in places like the US and Australia there are Federal, State and other 
levels of law. Some like delegated legislation (eg councils) may only be 
civilly acted.
The issues need to be looked at from criminal and civil angles. They are in no 
manner the same. A course in basic jurisprudence would be a good compulsory high 
school course - it is amazing the lack of knowledge in our legal systems.
I will stay away from civil law. Although EU law does cause an overlaw, this is 
an advanced topic and the basics need to be defined first - well beyond the 
scope of this post.
Common law is "judge made law". Although statutory law is made by parliament it 
needs to be "interpreted" by the judiciary. This is where precedent comes in. 
Civil law does not place as much emphasis on precedent. The level of the court 
also determines the weight of precedent.
The simple way to look at this is to look through the eyes of the judge. They 
are not (generally) even remotely computer literate (with one or two exceptions 
worldwide). They see this as a common law action in property. This is:
Is there damage to property?
Has there been a violation to the right to use property?
Was there access to the property without permission (eg trespass)?
 
This does not mean that there was a criminal violation. There may only be a 
civil (not the same as Civil) violation. There is a difference between civil and 
criminal trespass. Both get you into trouble - the issue is the level of 
trouble.
 
Mathias did not access the systems or alter any data and caused no damage from 
what was stated. There is a weak argument of theft of bandwidth, but this is 
not likely to succeed (unless Mathias was silly enough to plead guilty). He has 
not thus (quite) committed a criminal offence. There is no way to demonstrate 
the necessary Mens Rea (intent for all purposes - means guilty mind). 
On the other hand, (and the US is a common law jurisdiction, Not Civil) he has 
violated the civil law rights to property of the university. If he worked 
there, they could use this to take action to sack him. They could also seek 
damages. Being that he did not yet work there, there is not a contractual etc 
issue. This means that the Uni could seek to extract damages from Mathias in 
Tort. I will not go into Tort here - it is a whole discipline in itself, but 
let us just state damages for his actions (technically wrong I know, but this 
is a gross oversimplification). 
He will not end up in gaol, but there are worse things. The damages claims in 
the US are not like damages claims in Commonwealth countries. Damages in the US 
can have you in debt for a long time.
 
The Restatement (Second) of Torts § 217 defines trespass to chattels as 
"intentionally ... dispossessing another of the chattel, or using or 
intermeddling with a chattel in the possession of another." He has clearly 
intermeddled with the rights of the University to their property. This is not a 
criminal act, but still is a breach of the legal rights of the Uni.
 
Read more on -
the tort of trespass to chattels.
 writ of trespass de bonis asportatis.
 intangible assets including choses in action
 
There would likely also be action in regards to the Tort of Invasion of privacy 
 
Regards
Craig

        -----Original Message----- 
        From: L G [mailto:nitziya74@hotmail.com] 
        Sent: Thu 23/03/2006 11:23 AM 
        To: security-basics@securityfocus.com 
        Cc: 
        Subject: Re: application for an employment
        
        

        This is a good thread which begs further discussion.
        
        My question is, at what point is it illegal?  Do we have correspondents on
        this list better versed in the law?  Obviously, based on Randal's experience,
        you need to be careful in Oregon, but at what point is port scanning
        illegal?  And what are the precedents?
        
        Is dig-ing illegal?  Are not dns entries, domain names and associated ip
        ranges, and net block owners all public knowledge?
        
        I guess the crudest part of my question is, was Mathias picking a lock, or
        did he see a door hanging wide open?
        And at what point is someone going through an open door versus looking in a
        window versus admiring someone's architecture from the street?
        
        lg
        
        ----- Original Message -----
        From: "Al Gettier" <agettier@tealeaf.com>
        To: <security-basics@securityfocus.com>
        Sent: Tuesday, March 21, 2006 1:57 PM
        Subject: RE: application for an employment
        
        
        What you did might be illegal without their permission.  Take a look at the
        Randal Schwartz situation over 10 years ago:
        
        http://www.lightlink.com/spacenka/fors/
        
        
        
        -----Original Message-----
        From: Steveb@tshore.com [mailto:Steveb@tshore.com]
        Sent: Tuesday, March 21, 2006 7:14 AM
        To: MatzeGuentert@gmx.de; security-basics@securityfocus.com
        Subject: RE: application for an employment
        
        Not if you want them to employ you.  It's not good practice to probe their
        network without their permission.  There may be a serious lack of trust if
        you reveal to them that you were doing so without going through proper
        channels.
        
        -----Original Message-----
        From: Matthias Güntert [mailto:MatzeGuentert@gmx.de]
        Sent: Monday, March 20, 2006 7:46 AM
        To: security-basics@securityfocus.com
        Subject: application for an employment
        
        Dear list members,
        
        I am seeking a new job as a Unix/Linux system administrator. There has
        been an advertisement at a well known university. So I started to prepare
        myself for the application. While collecting some information about the
        network, using nmap, dig, etc... I was able to read the whole namespace from
        the ip range (255.255.0.0)
        
        My question is should I use some of the information I have found out to push
        my application forward? How do you think a director would react?
        
        --
        With kind regards
        
                        Matthias Güntert
        
        
        

