ORS 164.377(1)(a) says that to "access" a system means merely to "communicate" with it. So section 4 that you cite prohibits "attempts at unauthorized communication." If I 'ping' your system am I a jailbird-to-be if (and only if) you have echo turned off? If my copy of Office sends a port 137 inquiry and your firewall blocks it, did Mr. Gates or I commit a misdemeanor? Or is it a misdemeanor if your firewall doesn't block it but your NT server refuses it? Is it a misdemeanor if I send an e-mail to your postmaster if your e-mail server isn't configured for one? If your Web site says that your policy is to require that e-mails must have a phone number included but I don't, am I liable to be summoned for sending an unauthorized communication? Does it matter if I've actually seen the Web site? If this section could be taken at face value, it sounds like you have a great weapon against spammers. Sections 2 (access for the purpose of theft, including theft of services) and 3 (altering, damaging, or destroying) describe actions a reasonable person would understand as being criminal. IMHO, Section 4 is too vague to give notice of prohibited behaviors, especially on Internet interfaces. I think as well that there are some good First Amendment claims if one is simply surveying systems for the purpose of reporting on security. But I agree that caution is advised. Raymond L. Robert System Administrator Oregon Board of Medical Examiners Ray.Robert@private (503) 229-5873 x. 229 http://www.bme.state.or.us -----Original Message----- From: Tom Tintera [mailto:Tom_Tintera@private] Sent: Friday, June 21, 2002 10:38 AM To: Seth Arnold; Lyle Leavitt; 'Phil Hochstetler' Cc: CRIME Subject: RE: CRIME EarthLink Password Security Story Randal did use one of the passwords to copy a larger password file and also installed a back door through Intel's firewall. However, ORS 164.377 states that:4) Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime. Class A misdemeanor. Caution is advised if there is no authorization. Tom Tintera Senior Deputy District Attorney Washington County District Attorney Hillsboro, Oregon 503 846-3462 tom_tintera@private
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 16:58:06 PDT