Intrusion Detection Systems mailing list archives

implications of recent legal trends


From: stuart () SiliconDefense com (Stuart Staniford-Chen)
Date: Tue, 18 Apr 2000 10:57:42 -0700



There's a news story at 

http://www.securityfocus.com/news/

under "Copyright War Declared"

which really set me thinking about the implications of the recent legal
trends in the US for our field.  (It would be interesting to hear about
the legal situation in other countries too).  Here's a quote from the
story (fair use, honest!)

Meanwhile, the ACLU is representing three people who mirrored 
cphack, a utility that allows users to bypass the Cyber Patrol 
web filtering program and to view its secret list of blocked 
sites. That case ended in a settlement when cphack's authors 
agreed to transfer ownership of the program to plaintiff Mattel,
owner of Cyber Patrol. A federal judge in Boston issued a 
permanent injunction in the case barring anyone "in concert" 
with the program's authors from mirroring the program, and the 
ACLU announced Wednesday it was appealing that decision to the 
1st Circuit Court of Appeals.

I don't know any more about the case than that.  It was settled so it
isn't legal precedent.  But presumably the ACLU wouldn't have given in
unless they thought the case looked pretty bad for their clients.

Now this worries me hugely.  I can't see much difference between
cphack, and say Dug Song's fragrouter, or RFP's whisker.pl (with its
IDS defeating modes), or even Fyodor's nmap (with its various attempts
to be stealthy).  Are we going to see IDS vendors taking people to court
for distributing tools that seek to bypass IDS detection?

That would be an absolute disaster for the field.  We need people to be
able to create and distribute these kinds of tools so that IDS builders
are forced to do their job properly.  And trying to suppress them
legally will not prevent them from being distributed in the underground
community.  All it will do is prevent law-abiding security experts from
having access to them.

Thoughts?

Stuart.

-- 
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuart () silicondefense com
(707) 822-4588                     (707) 826-7571 (FAX)


