That is an excellent question Justin. I was hoping that Tom would help us to answer that (since his sig refers to the District Attorney's office). It would be my understanding that "breaking and entering" would include entering an unlocked door that is posted as "No Trespassing", or "Authorized Personnel Only" without receiving prior permission. This may also include entering via a non-standard method, such as a window that is left open. If it includes the non-standard methods, then that would possibly make my original point moot, as I don't believe that anyone would consider directory traversal to be a standard method of access to site information, but who knows what a jury could be convinced of. I have no legal training or background, so my opinions are strictly that. I was merely doing what I like to do, play a little devil's advocate and try to spur intelligent conversation for all of us to have a better understanding of the laws that influence/are influenced by our work. I don't believe that anyone can just sit on their laurels and believe that they already understand the laws, etc without such open discussions. So, back to your question (paraphrased): If one does not break anything to enter, but gains entry and merely "sees" information, are they acting illegally? I don't know, but I would really like to hear from anyone that has legal experience with such matters . In my opinion this should not be illegal, but I believe that it would most likely result in conviction if presented to a jury. The laws just seem to convoluted and gray to really state anything as fact. Thanks, ___________________________________________________________________________ ****** _/ ****** | John Scrimsher ***** _/ ***** | ISE Intrusion Detection **** _/_/_/ _/_/_/ **** | Hewlett Packard Co. **** _/ _/ _/ _/ **** | Phone : 541 715 4671 **** _/ _/ _/_/_/ **** | Telnet: 715 4671 ***** _/ ***** | Fax : 541 715 6182 ****** _/ ****** | E-mail: john_scrimsher@private | Postal: 1000 NE Circle Blvd i n v e n t | Corvallis, Oregon 97330 ____________________________________________________________________________ -----Original Message----- From: Justin Kurynny [mailto:justink@private] Sent: Monday, June 24, 2002 9:51 AM To: 'crime@private' Subject: RE: CRIME EarthLink Password Security Story what exactly is the definition of "breaking and entering" in legal terms? if one does not break anything to gain access, yet does not enter but only looks around and gains knowledge of contents as you mentioned, John, are they acting illegally? the interesting thing about cyberspace is that it appears as though it's a lot harder to distinguish the act of reading information from the act of accessing (entering) as system to read it. i.e., one action is integrally a part of the other. furthermore, is the act of reading information the same thing as stealing information? without proper posted warning, how can someone know that the information they are about to learn will be illegal for them to possess? (yikes. there's something of a shade of 'minority report' in there somewhere.) justin *
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 12:36:17 PDT