Full Disclosure mailing list archives

Re: House approves spyware legislation
From: "Bankim J. Tejani" <tejani () alum rpi edu>
Date: Wed, 6 Oct 2004 23:18:12 -0400

While good in principle, this legislation is hopelessly unenforceable and is almost certainly just election year politics. Somebody knows this and is probably the 1 vote against it. Think about it:

Say that this was a law and someone does what you say and changes your homepage or something similar with some spyware. Here are some things that any prosecutor or civil attorney would have to consider before pressing charges:

1) How can you prove what the setting was before? It's one thing for you to know what it was, but another to prove it in a court of law. Otherwise it's your word versus theirs.

2) How can you find out who exactly was the person or company that took this action? You're talking about a massive time undertaking to trace the packet data through every router between you and the accused.

3) Was their machine used by some hacker? This, unfortunately (or fortunately, depending on how you see it), has been used in court and proved to be a successful defense.

4) What was the motive for changing your computer specifically?

5) What type of crime is appropriate? Is it theft? trespassing? moving your plant from your front yard to your back yard?

6) What is an appropriate sentence? The five minutes you lost changing it back paid at your current salary? A fine? jail time?

I am not a lawyer, but only a little common sense about the law is needed here. Some of these issues apply not only to this law, but all forms of cyber-related law. Few organizations have successfully prosecuted under any form of cyber law. The most notable so far has been the RIAA, whose cases were never tested in court, but used to torque people into paying fines rather than facing legal bills that would bankrupt them.

If we keep passing unenforceable legislation, all we'll end up with is a tomb of law with hundreds of thousands of lawyers looking through it and an internet that's just as lawless as it is right now. On second thought, keep passing those laws. <<searching for LSAT book>>


On 06 Oct, 2004, at 19:09, RandallM wrote:

> On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss
> <ggilliss () netpublishing com> wrote:
> > Great, Not that I'm any fan of spyware, but this is just another law
> > against hacking. Think - what's the difference between this and
> > someone using XSS to "take control" of a computer? If you r00t a box
> > and deface the home page, then you've broken this law.
> > <sigh> Instead of fixing the problem (poor software security) we pass
> > laws to punish the people who do the things that illustrate the problem.
> > Basic philosophical differences, blah blah blah ...
> > Worst of all, do you really think that the spyware rackets will slow
> > down or cease because of this? Nope - they'll just migrate out of the jurisdiction.
> > -- Greg
> End of Full-Disclosure Digest

I guess one has to decide if browser hijacking is not the taking of personal property. I for one do not find it amusing to open my browser and it has been redirected to a hijacked page as my new Homepage!
If this law would allow me...the user to bring down hell upon these people then I'm all for it.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
