I suppose I shouldn't post this to FD, as you have not done so. Very
well. Please feel free to post your reply to FD if you wish, so long
as you include my entire post unedited, at the top. (Of course I
cannot legally constrain you from doing it any other way--all this is
a matter of etiquette.)
I may not wish to continue this for too long if others will be unable
to read our arguments, but that's OK.
Michael Krymson wrote:
If I reach my hand out to the door, I can feel the knob. I attempt to
turn
it, and it yields to my movement. In turning the knob, the door accepts
my
interaction, pulls the bolt out of the frame, swings upon well-oiled
hinges
with nary a complaint and allows me to enter. Am I doing something
illegal
(oh say, trespassing)? It would seem to me that the door is allowing me
to
enter, in fact, nearly welcoming the action.
For the troll, I would switch this up to say this is a public building
after
hours. Someone leaves the door unlocked. Is this "public domain" as he is
wont to throw around (without demonstrating any understanding of the
term)?
So we have my analogy and your analogy. Which is right?
Actually I don't think you've found the problem with my analogy. My
analogy corresponds far better than yours, because when you open an
unlocked door, the door is not an active participant. Whereas when you
connect to a server, the server has to actually *do* something.
The problem with my analogy, which may or may not be fatal to it, is
that for a client to send FIN ACK and then continue to send TCP
datagrams is clearly not illegal, though according to my analogy that
would correspond to saying "I'm leaving your house now," and staying.
And for a host to totally the RST flag is also not illegal (and rather
useful sometimes: http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf), though
for the client to do that would correspond to ignoring "GTFO of my
house!" My analogy would actually render illegal, actions that are
clearly legal and perhaps even harmless and useful. But it's still
food for thought. Is accessing a server really like entering a
structure on somebody's property? What are the limitations of that
analogy? It may be a useful analogy, but you need to justify it if
you're going to convict someone on the basis of it.
Is that a totally wrong analogy? Maybe. If it is, are we be sure it is
a wrong analogy, BEYOND REASONABLE DOUBT?
This isn't a murder trial. You don't need emotionally charged terms. :)
You may be unfamiliar with how the American legal system works. We use
the reasonable doubt standard in all criminal proceedings, not just
murder proceedings. The good news is that if you didn't know that and
were on an American jury, the judge would tell you as part of his or
her instructions to the jury. Can you imaging the judge talking about
"beyond a reasonable doubt" in any criminal proceeding (e.g.
jaywalking) and a juror telling the judge not to use emotionally
charged terms!?
That term is emotionally charged because people in the US (at least
used to) believe in the rights of the accused. Oh, I can censor my
language so as not to invoke people's commitment to justice? No
thanks. I'll stick with the legally correct and emotionally charged
terms.
Really, we can use the term 'reasonable' for issues like this.Would an
average reasonable person think that accessing a government computer
system
because it had a blank password in a login prompt that he normally would
not
know the account information for, is a bad thing? Possibly illegal?
The question is not if a reasonable person could think the act was
illegal. The question is if any reasonable and informed person, in
light of the arguments and evidence presented in the trial (which has
not yet happened), could think the act was *not* illegal. If any such
person could come to that conclusion, and the jury realizes that
**even if the jury doesn't itself come to that conclusion**, then the
jury is required to acquit. This is the reasonable doubt standard.
We can
argue semantics all day,
Semantic arguments are extremely important in a court, so there is no
reason for us not to discuss them.
but in many situations, it is the spirit of the law
and what a reasonable person concludes, that is key.
With what extraordinary evidence (as Carl Sagan would say) do you
support that extraordinary claim?
In no remotely civilized nation is it possible to convict someone in a
criminal proceeding on the basis of the "spirit" of the law! Imagine
that--"sir, you're technically innocent, but we're going to jail you
anyway because it would really make sense if what you did had been
illegal."
Let's clarify something. The criminal allegation is computer fraud,
right? The question is then whether or not obtaining access by
entering a blank password in a password prompt is *fraudulent*.
-Eliah
Intro
