-----Original Message----- From: Justin Kurynny [mailto:justink@private] Sent: Monday, June 24, 2002 11:09 AM To: George Heuston Subject: RE: CRIME EarthLink Password Security Story thanks George. did your reply go to the list? my headers show it only came to me. i thought your reply was very informative. thanks again. justin * -----Original Message----- From: George Heuston [ mailto:GeorgeH@private <mailto:GeorgeH@private> ] Sent: Monday, June 24, 2002 10´30 To: 'Justin Kurynny' Subject: RE: CRIME EarthLink Password Security Story These observations illustrate why E-banners on systems become very important regarding the issues you bring up. They define/remind the users (even trespassers) of level of acceptable use, and the resident degree of privacy on the System. As for reading/stealing: If you are reading information from an area you're not authorized to be in, this is, at very least, a trespass (unauthorized access). That is a criminal offense. If the 'hostile' remotely stores that info in any way (ie, temp files, etc) the information has been stolen (transferred) from the rightful owner to the hostile. That's a criminal offense, whether the theory is plain theft, or computer crime, as variously set forth in common law, and state and federal statutes. Geo -----Original Message----- From: Justin Kurynny [ mailto:justink@private <mailto:justink@private> ] Sent: Monday, June 24, 2002 9:51 AM To: 'crime@private' Subject: RE: CRIME EarthLink Password Security Story what exactly is the definition of "breaking and entering" in legal terms? if one does not break anything to gain access, yet does not enter but only looks around and gains knowledge of contents as you mentioned, John, are they acting illegally? the interesting thing about cyberspace is that it appears as though it's a lot harder to distinguish the act of reading information from the act of accessing (entering) as system to read it. i.e., one action is integrally a part of the other. furthermore, is the act of reading information the same thing as stealing information? without proper posted warning, how can someone know that the information they are about to learn will be illegal for them to possess? (yikes. there's something of a shade of 'minority report' in there somewhere.) justin * -----Original Message----- From: SCRIMSHER,JOHN (HP-Corvallis,ex1) [ mailto:john_scrimsher@private <mailto:john_scrimsher@private> < mailto:john_scrimsher@private <mailto:john_scrimsher@private> > ] Sent: Friday, June 21, 2002 15´27 To: 'Jordan Gackowski'; 'CRIME' Subject: RE: CRIME EarthLink Password Security Story > -----Original Message----- > From: Jordan Gackowski [ mailto:jgackowski@private <mailto:jgackowski@private> < mailto:jgackowski@private <mailto:jgackowski@private> > ] > Using a method to access data that you normally wouldn't be > able to access (such at the dir x-versal you mention) would > (should) still be illegal. Like taking the money out of a > cash register and using the excuse that it had a crappy lock > so it was OK to get in there. > Actually, a more appropriate analogy would be if a person were to enter a store and notice a door at the back with no signs on it and unlocked.. Being curious, they open the door to look in to find whatever is there... Could be a bathroom, storage closet, or vault... The person doesn't know until they look into it. If they then walk back out, without taking and/or vandalizing anything that they found, other than the knowledge of what they saw, are they acting illegally? Your analogy of stealing the cash from an improperly secured register goes back to one of my main statements that theft or destruction is/should be illegal regardless of access methodology. John
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 12:36:13 PDT