Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Congratulations Andrew
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 17 Jun 2010 13:04:00 +1200

bk to wilder_jeff Wilder:

By that same standard.. if you leave your house unlocked.... does
that give someone the right to enter it? 

just my thoughts

Sending from the right account this time...

It wasn't an unlocked house.  It was a table on the sidewalk with
all the neighbors' Girlscout cookie order sheets on it.  Someone
just happened to pickup not only their order sheet, but everyone
else's too. 

That may be what _you_ see as a relevant analogy, but that's not how 
most legal systems will see it.  To most legal systems it matters not 
that the folk ostensibly responsible for "protecting" the data 
effectively just laid it all out (more or less) in public view.  The 
pertinent legal questions will likely revolve around whether the 
accessor could reasonably claim they did not know they were not 
authorized to access that data.

And how will the courts assess whether the accessor was authorized to 
access that data?  Simple -- they ask the "owner" of the data (AT&T) 
who will surely say "we did not authorize the defendant to access that 
data", and they will probably blandly add something like "and we took 
industry-standard measures to reasonably protect the data against 
unauthorized access".  Whilst the latter is apparently rather easily 
debunked, doing so is pretty irrelevant to defending an unauthorized 
access" charge, as regardless of how easily (trivially in this case) 
the access was obtained, the issue is "was that access authorized".

Many apparently stupid things have been built into our computer and 
technology laws.  These often don't actually make much sense if you 
think the objective of such laws should be to encourage data guardians 
to do a better job of their charge, but mostly these laws have been 
made to make it relatively easy to obtain prosecutions.

Think you could get a theft prosecution for that?

And touche' to Valdis' response making fun of this part of your post 


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]