RE: CRIME EarthLink Password Security Story

From: Tom Tintera (Tom_Tintera@private)
Date: Mon Jun 24 2002 - 14:22:01 PDT

  • Next message: brvarin@private: "Re: CRIME AOL Backdoor?"

    The language of the statute controls whether a crime has been committed.
    'breaking and entering' is a common law term for burglary-the person had to
    break the plane of the building with an intent to commit theft therein and
    it had to be at night. We no longer relay on common law, but we look to the
    statutory language:
    
    > ORS 164.377 states that:4) Any person who knowingly and without
    > authorization uses, accesses or attempts to access any computer,
    > computer system, computer network, or any computer software, program,
    > documentation or data contained in such computer, computer system or
    > computer network, commits computer crime. Class A misdemeanor. 
    > 
    No breaking, no entering, but 'knowingly and without authorization accesses
    or attempts to access'. This is why the banners play an important role in
    proving 'without authorization' on a pubic web site.
    
    This statute is very broad, but should serve as a common sense guide to what
    is allowed or not allowed. 
    
    
    Tom Tintera
    Senior Deputy District Attorney
    Washington County District Attorney
    Hillsboro, Oregon  
    503 846-3462
    tom_tintera@private
    
    
    
    > ----------
    > From: 	SCRIMSHER,JOHN
    > (HP-Corvallis,ex1)[SMTP:john_scrimsher@private]
    > Sent: 	Monday, June 24, 2002 11:42 AM
    > To: 	'crime@private'
    > Subject: 	RE: CRIME EarthLink Password Security Story
    > 
    > That is an excellent question Justin.  I was hoping that Tom would help us
    > to answer that (since his sig refers to the District Attorney's office).
    > It would be my understanding that "breaking and entering" would include
    > entering an unlocked door that is posted as "No Trespassing", or
    > "Authorized Personnel Only" without receiving prior permission.  This may
    > also include entering via a non-standard method, such as a window that is
    > left open.  If it includes the non-standard methods, then that would
    > possibly make my original point moot, as I don't believe that anyone would
    > consider directory traversal to be a standard method of access to site
    > information, but who knows what a jury could be convinced of.
    >  
    > I have no legal training or background, so my opinions are strictly that.
    > I was merely doing what I like to do, play a little devil's advocate and
    > try to spur intelligent conversation for all of us to have a better
    > understanding of the laws that influence/are influenced by our work.  I
    > don't believe that anyone can just sit on their laurels and believe that
    > they already understand the laws, etc without such open discussions.
    >  
    > So, back to your question (paraphrased): If one does not break anything to
    > enter, but gains entry and merely "sees" information, are they acting
    > illegally?
    >  
    > I don't know, but I would really like to hear from anyone that has legal
    > experience with such matters .  In my opinion this should not be illegal,
    > but I believe that it would most likely result in conviction if presented
    > to a jury.  The laws just seem to convoluted and gray to really state
    > anything as fact.
    >  
    > Thanks,
    > __________________________________________________________________________
    > _
    >                    
    > ******    _/          ******  |  John Scrimsher
    > *****    _/            *****  |  ISE Intrusion Detection
    > ****    _/_/_/  _/_/_/  ****  |  Hewlett Packard Co.
    > ****   _/  _/  _/  _/   ****  |  Phone : 541 715 4671
    > ****  _/  _/  _/_/_/    ****  |  Telnet: 715 4671
    > *****        _/        *****  |  Fax   : 541 715 6182
    > ******      _/        ******  |  E-mail: john_scrimsher@private
    >                               |  Postal: 1000 NE Circle Blvd
    >  i    n    v    e    n    t   |          Corvallis, Oregon 97330
    > __________________________________________________________________________
    > __  
    > 
    > 	-----Original Message-----
    > 	From: Justin Kurynny [mailto:justink@private] 
    > 	Sent: Monday, June 24, 2002 9:51 AM
    > 	To: 'crime@private'
    > 	Subject: RE: CRIME EarthLink Password Security Story
    > 
    > 
    > 
    > 	what exactly is the definition of "breaking and entering" in legal
    > terms? 
    > 
    > 	if one does not break anything to gain access, yet does not enter
    > but only looks around and gains knowledge of contents as you mentioned,
    > John, are they acting illegally?
    > 
    > 	the interesting thing about cyberspace is that it appears as though
    > it's a lot harder to distinguish the act of reading information from the
    > act of accessing (entering) as system to read it. i.e., one action is
    > integrally a part of the other.
    > 
    > 	furthermore, is the act of reading information the same thing as
    > stealing information? without proper posted warning, how can someone know
    > that the information they are about to learn will be illegal for them to
    > possess? (yikes. there's something of a shade of 'minority report' in
    > there somewhere.)
    > 
    > 	justin 
    > 
    > 	* 
    > 
    > 	 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 15:02:26 PDT