Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: House approves spyware legislation
From: Gregory Gilliss <ggilliss () netpublishing com>
Date: Thu, 7 Oct 2004 12:53:33 -0700


Criminal trespass affects real property. Computers and cyberspace,
contrary to popular belief, do not constitute real property. However
you could be subject to prosecution for trespass to chattels. Chattels,
for the uninitiated, is a fancy legal term (FLT) used to refer to 
personal belongings. There is trespass to chattels and there conversion.
The was I understand it, trespass to chattels means I spray paint your
dog - my impact is temporary or reversable. Conversion means I throw
your dog in the microwave and turned it on. The effect is not reversable.
That's why you can't sue your veterinarian for malpractice. Dogs aren't 
people. Computers aren't real property. Remember, we're talking law here,
and my only reference is the American legal system.

Liability for trespass to chattels is limited to the damage done, and 
liability for conversion is limited to the cost of replacement. Needless
to say, this is ridiculous when it comes to valuations for data - the
cost of replacing your hard drive might be measurable, but the
cost of replacing your data is extremely intangible.

FWIW I do believe that hacking does not constitute criminal trespass. 
There are legal concepts like consent implied in fact associated with the
act of attaching a computer to an Internet known to be populated by people
and 'bots intent on compromising your security. 

-- Greg

On or about 2004.10.06 17:00:27 +0000, WB (cab75 () comcast net) said:

Interesting thoughts, but the fact remains hacking is illegal.

It is criminal trespass.

Look at it this way, someone breaks into your house defaces it to illustrate
how insecure you are.  

Your not going to like it.  Same holds true in the digital realm.

I have no problem with breaking into systems in a lab and then reporting on
the vulnerabilities.  That is constructive and helps us all.  

However, doing it to production systems, can depending on the systems place
lives at risk, more so then the vulnerability they exploit.

It is up to industry to fix the software mess and until we stop buying bad
software or congress overturns the EULA's that exempt the software industry
from liability, they won't.

Spyware, in most cases is about profit

Anyway enjoyed your comments.


Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]