I gotta tell ya, the law seems a bit overboard. Also shows a complete lack
of understanding of how the Internet works (concepts: shared resources,
learn by doing, open mail relays are by definition available for public use,
world readable directories and open source, anonymous ftp, etc.) Also,
there is a concept (though now seen by some as too conservative - whiners)
in Anglo - American jurisprudence that if there is no harm, then how could a
crime have been committed? Also, if your system is configured properly, it
shouldn't cost thousands of dollars to investigate a break-in or break-in
attempt, you should get it in your email inbox in the morning. Why should a
computer user who played with your open relay (seen by some as a putting a
swing in the front yard right next to the busy sidewalk without a fence or a
sign) be punished because your incompetence meant that it took you $5000 to
figure out what happened?
my two cents.
(also see 8th amendment).
-----Original Message-----
From: Eric [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 01, 2000 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Hey, I DON'T WANT a firewall in front of my network!
"Paul D. Robertson" wrote:
>
> On Thu, 27 Jan 2000, Frank Knobbe at Home wrote:
>
> > Let me toss my 2 pennies in here.
> >
> > a) I seem to remember that when you get hacked, the law is not in
> > your favor because you did not employ 'reasonable measures' to
> > protect your assets.
>
> As nice as it would be if there were some accountability, the law is in
> your favor because the attacker broke the law. The questions about
> reasonable and prudent practice come mostly from your liability if your
> site is used to attack another site, or if your company suffers
> shareholder lawsuits due to a breach. I haven't seen any
> significant caselaw in this area specificly relating to computer
> intrustions though, so it's not so cut and dried.
In Texas, it is cut and dried. Chapter 33 of the Texas Penal
Code makes unauthorized access of a computer without permission
a crime. It doesn't matter whether there are any damages and
it does not require the owner of the computer to do anything
to prevent the occurrence.
Unless this has been recently changed, here are the punishments
based on the amount of damages:
damages punishment
------------ --------------------------------
none up to $2,000 fine
up to 6 months in jail
< $1,500 up to $4,000 fine
up to 1 year in jail
>= $1,500 up to $10,000 fine
< $20,000 180 days to 2 years in a state jail
>= $20,000 up to $10,000 fine
< $100,000 2 - 10 years in a state jail
>= $100,000 up to $10,000 fine
< $200,000 2 - 20 years in a state jail
>= $200,000 up to $10,000 fine
5 - 99 years in a state jail
Also, "damages" includes any expenditures to determine the
extent of damage. Thus, it is inconceivable that any
unauthorized access greater than a port scan would not be
at least a Class A Misdemeanor. Even an authorized relay
test could be pushed into the State Jail Felony range if
the administrator is forced to spend $1,500 or more closing
relays as a result of the relay test.
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
