That is an excellent question Justin. I was hoping that Tom would help us
to answer that (since his sig refers to the District Attorney's office). It
would be my understanding that "breaking and entering" would include
entering an unlocked door that is posted as "No Trespassing", or "Authorized
Personnel Only" without receiving prior permission. This may also include
entering via a non-standard method, such as a window that is left open. If
it includes the non-standard methods, then that would possibly make my
original point moot, as I don't believe that anyone would consider directory
traversal to be a standard method of access to site information, but who
knows what a jury could be convinced of.
I have no legal training or background, so my opinions are strictly that. I
was merely doing what I like to do, play a little devil's advocate and try
to spur intelligent conversation for all of us to have a better
understanding of the laws that influence/are influenced by our work. I
don't believe that anyone can just sit on their laurels and believe that
they already understand the laws, etc without such open discussions.
So, back to your question (paraphrased): If one does not break anything to
enter, but gains entry and merely "sees" information, are they acting
illegally?
I don't know, but I would really like to hear from anyone that has legal
experience with such matters . In my opinion this should not be illegal,
but I believe that it would most likely result in conviction if presented to
a jury. The laws just seem to convoluted and gray to really state anything
as fact.
Thanks,
___________________________________________________________________________
****** _/ ****** | John Scrimsher
***** _/ ***** | ISE Intrusion Detection
**** _/_/_/ _/_/_/ **** | Hewlett Packard Co.
**** _/ _/ _/ _/ **** | Phone : 541 715 4671
**** _/ _/ _/_/_/ **** | Telnet: 715 4671
***** _/ ***** | Fax : 541 715 6182
****** _/ ****** | E-mail: john_scrimsher@private
| Postal: 1000 NE Circle Blvd
i n v e n t | Corvallis, Oregon 97330
____________________________________________________________________________
-----Original Message-----
From: Justin Kurynny [mailto:justink@private]
Sent: Monday, June 24, 2002 9:51 AM
To: 'crime@private'
Subject: RE: CRIME EarthLink Password Security Story
what exactly is the definition of "breaking and entering" in legal terms?
if one does not break anything to gain access, yet does not enter but only
looks around and gains knowledge of contents as you mentioned, John, are
they acting illegally?
the interesting thing about cyberspace is that it appears as though it's a
lot harder to distinguish the act of reading information from the act of
accessing (entering) as system to read it. i.e., one action is integrally a
part of the other.
furthermore, is the act of reading information the same thing as stealing
information? without proper posted warning, how can someone know that the
information they are about to learn will be illegal for them to possess?
(yikes. there's something of a shade of 'minority report' in there
somewhere.)
justin
*
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 12:36:17 PDT