Forwarded from: Marjorie Simmons <lawyerat_private> [Disclaimer: weekend muse -- this is not legal advice so do not take it as such.] <museMode> Drawing on a building is something we in the US have historically considered 'graffiti'. Graffiti is generally considered a misdemeanor, last time I checked anyway, (unless John Ashcroft has been busy again. Perhaps now its seditious.) More importantly, in the US, if an act is defined at law as criminal (aka, not misdemeanor), it requires criminal intent. Criminal intent is borne in the perpetrator's state of mind, not the victim's. Extreme example: what if the 9-11 terrorists chalked the trade towers as a hit target before Sept 11? Does that make the denizens of the towers responsible for their fate because they didn't notice, or because they did notice but took no action because the actual result was unthinkable? If a victim, any victim, is careless, or if they are a dolt who should know better than to expose their business secrets to the world via an unsecured wireless network, such carelessness does not magically morph the victim into a position of criminal responsibility for the purpose of assessing the criminality of someone else's act performed upon him. The marking of a target can provide evidence for the prosecution of a wrongful act later committed, but by itself does not necessarily constitute a criminal act. Although chalking by itself constitutes no theft that I can identify, services-theft or data-theft following such chalking certainly may be assessed as criminal. If the chalker(s) are also participants in such theft or intend that such marking be used by others for such theft -- and such theft actually occurs -- such chalking could be considered as part of a methodology of the criminal act. Its pretty hard to prove a murder though, without the body, thus, if there has been no access, or theft of data or services, such graffiti seems to me simply graffiti. Perhaps a person's carelessness directly results in his becoming a crime victim, but though we bemoan such carelessness, the law does not assign criminal responsibility to the victim without evidence of some intent on the victim's part that the opening of a door to crime be intended to actually result in that crime. A more general carelessness, of course, usually subjects the victim to other pains. Seems to me Pete's on the right track. Pete's offered some good examples ... consider this one: Lawyer A and Lawyer B are on opposite sides of a negotiation. Lawyer C represents a company which is a stakeholder in the outcome of the negotiation between A & B, but C is not a party to the negotiation. C has never broken the law or any of the legal ethics rules, and his friends think him a bore. C's client company is desperate to find out the details of A & B's communication before any deal is struck as the deal could destroy C's company. (C's client company, btw, makes widgets free for the poor.) C learns that A & B do not use encrypted communications by A & B telling him so at an unrelated convention that they all attend. C decides to hire a competent geek to do a bit of selective wardriving in order to find out what A & B are up to. C's geek chalks a good spot for the job and then C's geek sends her one-time contract employee to grab some in-the-clear data from A & B during transmission. C thereby learns that A & B's deal, if done, will indeed destroy C's client company. C, armed with this new information, takes remedial measures that save C's client's south end, but that do not disrupt the deal between A & B. A & B successfully complete their deal and never find out that their communications have been compromised. They lose nothing as to the outcome of their deal and C's client company is saved. C never again resorts to such measures, and retires on his bonus for saving his client. C's geek gets religion the next day and races off to dogooder heaven in Timbuktu. Her contract employee goes back to his day job as a firefighter in a major American city. Where is the wrongdoing here? Is it with A & B uncaringly putting C's client out of business but for C's intervention, or are moral analyses even relevant? Is it with C's directive to C's geek to surreptitiously peek at the data? Is it with C's geek's contract employee in actually accessing data? Is C's geek's guilt measured the same as C's, or as C's geek's contract employee? If C and agents only got as far as chalking and then stopped -- has a crime been committed? Is there any wrongdoing with A & B's carelessness in not protecting their transmissions? If so, does it change the nature of C's (and his agents') acts? Is there a conspiracy here? Do A & B's clients at least lose the attorney-client privilege as to this deal because their lawyers were fools? (Certain Florida courts have ruled so.) If so, does that after-the-fact result change the nature of any prior criminal act by others at all? A helpful approach is not to simply ask where the wrongdoing is in any given situation, but to analyze the nature of each of the wrongful acts in order to determine what the proper responses and remedies might be. In so doing, one may more easily sort out responsibility for the criminal and for the simply careless, and the larger moral observations from the more compartmentalized ethical obligations of certain individuals, e.g., due care. Otherwise we end up chasing butterflies with sledgehammers. These are the questions that are, unfortunately, not being assessed too carefully of late in certain US government circles. With regard to what constitutes criminality, and with resolve to rectify vulnerability while keeping within the bounds of Constitutional law in the US, it seems to me that not since the Civil War have US citizens had a more compelling need to consider these questions such that definitions of criminal acts and responses to them may be crafted accordingly. </museMode> Marjorie Simmons On Monday, September 23, 2002 1:02 am, InfoSec News [SMTP:isnat_private] wrote: | Forwarded from: Pete Lindstrom <plindstromat_private> | | Hmmm, not sure if "due care" is a legal term or not, nor whether it | applies to criminal activity.. It seems to me that "due care" can | easily fly in the face of personal freedom. | | I would argue that I have every right to hang an ethernet cable out my | window on my property and not expect someone else to tap in, just like | I would argue I should be able to leave my keys in the ignition | without having my car stolen, women should be able to wear thongs at | the beach without risking a pinch, I should be allowed to let certain | people use my bike but not others, and I should be able to write | run-on sentences if I want to (;-)). As long as I am not infringing on | someone else's rights or creating a dangerous situation, etc., why | shouldn't I be allowed to? | | Now, does that make me smart? well, no. Naive? Probably (or more | likely just plain dumb), . . . snip - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 02:35:39 PDT