RE: CRIME Senator Hatch - Destroy file swappers' computers

From: Christiansen, John (SEA) (JohnC@private)
Date: Thu Jun 19 2003 - 13:10:02 PDT

  • Next message: Justin Kurynny: "RE: CRIME Senator Hatch - Destroy file swappers' computers"

    Good point. How about this analogy? If I own a gun which I leave around
    where I can anticipate my elementary school age child will find it, am I
    responsible if he takes it to school and threatens his classmates? True
    current King County case, in which as I understand it the gun-owning mother
    has been charged with a crime (don't know what it is). 
    
    One problem with this analogy is that probably unlike most participants on
    this list, most computer users don't know the stats showing how quickly
    unsecured boxes tend to be taken over when put on the net, and don't
    generally know much about how to keep them from improper use by third
    parties, while almost everybody (pro- or anti-gun) knows about gun risks and
    accepts the need to secure them away from kids. Kids tend to be attracted to
    and sometimes misuse guns; kiddies (and more serious perps) tend to be
    attracted to and deliberately misuse unsecured boxes; in either case harm
    may be caused to third parties. 
    
    Which leads to another problem with this analogy: computers can only harm
    data and/or other computers - any harm to human life or health can only be
    consequential, if the harmed data or computer was needed to support
    functions affecting life and/or health - making the threat much less direct
    than a gun. Which was the reason for my throwaway comment on SCADA systems
    before - if you can take reasonable steps to avoid harm, such as not
    connecting critical applications to the Internet - you should do that before
    resorting to hack back too. 
    
    -----Original Message-----
    From: St. Clair, James [mailto:JStClair@private]
    Sent: Thursday, June 19, 2003 12:46 PM
    To: crime@private
    Subject: RE: CRIME Senator Hatch - Destroy file swappers' computers
    
    
    Good response, but it is not the right analogy: The Hatch concept inherently
    relies on a sense of identity for the "thievery" that is technically
    impossible to establish. The guilty party is at the keyboard, not the box
    involved.
    
    Perhaps this analogy: If I use a shopping cart to break a window and rob a
    store, should the store go after the supermarket?
    
    -----Original Message-----
    From: Christiansen, John (SEA) [mailto:JohnC@private]
    Sent: Thursday, June 19, 2003 3:36 PM
    To: crime@private
    Subject: RE: CRIME Senator Hatch - Destroy file swappers' computers
    
    
    Serious response: In most states the store owner would have the right to use
    force to prevent harm to property, but the degree of force would have to be
    in some sense proportionate to the harm to be prevented.
    
    Shooting a burglar who's coming at you with a tire iron is probably going to
    be accepted; shooting a shoplifter in the back is probably way out of bounds
    (at least in the relatively pacific Northwest, if not everywhere); breaking
    a thief's fingers with a bat when you are trying to stop him from grabbing
    the cash drawer probably won't get you prosecuted or subject you to civil
    liability (though there are some pretty nervy perps out there); burning up
    the getaway car is probably too potentially dangerous to third parties and
    yourself, not to mention the thief, to be acceptable.  
    
    The valid point being that there is precedent out there which might support
    hack back self-help - the problem being avoidance of seductive but
    misleading analogies, when all you have to work from is analogy. 
    
    -----Original Message-----
    From: Justin Kurynny [mailto:justink@private]
    Sent: Thursday, June 19, 2003 12:08 PM
    To: crime@private
    Subject: RE: CRIME Senator Hatch - Destroy file swappers' computers
    
    
    serious, sarcasm-free questions for the group: if a shop owner catches
    someone stealing something from her store, should she have the right to
    destroy the tools of the thief's vocation? in other words, should we
    grant her the right to break his hands and legs? maybe even amputate
    them? less drastically and humanly injurious, should she have the right
    to drop a lit match into the thief's getaway car as a means of
    destroying it?
    
    justin
    
    justin kurynny
    manager of network engineering
    waggener edstrom, inc.
    
    *
    
    -----Original Message-----
    From: Christiansen, John (SEA) [mailto:JohnC@private] 
    Sent: Thursday, June 19, 2003 11:42 AM
    To: 'Crispin Cowan'
    Cc: crime@private
    
    If the ISP is responsive and the rules of engagement say you don't
    escalate if the ISP is responsive, then hacking back isn't legit. But
    that doesn't suggest you should avoid figuring out what the rules should
    be - seems to me it suggests you should figure out the rules. We didn't
    have this one before, did we? But now we have a consensus on this point.
    So all we need to do is make sure sysadmins are appropriately responsive
    and the rules around escalation become moot. So, following this
    alternative branch, what are the rules for sysadmin responsiveness? In
    other words, when can I hold an ISP
    liable for failing to cut off hostile activity?    
    



    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 13:38:50 PDT