RE: CRIME What do you do with bad stuff?

From: Christiansen, John (SEA) (JohnC@private)
Date: Fri Aug 08 2003 - 16:18:34 PDT

  • Next message: Jim Wood: "CRIME ????"

    The key to both Mark's and Todd's conundra is intent. Criminal laws - which
    is what I think they are afraid of being punished by - require some kind of
    intent to possess or obtain the "bad stuff." (Once upon a time I was a
    criminal defense lawyer and I actually researched this issue in connection
    with potential HIPAA criminal charging issues for a book I wrote a couple
    years back.) As George Carlin put it, "ya gotta wanna." Sometimes recklessly
    not caring about predictable consequences might be enough, but there has to
    be some level of intent for there to be a crime.
    
    Spam is unsolicited (if it wasn't it wouldn't be spam); whatever bad stuff
    it contains is there because the *sender* intended it, not the receiver. The
    fact that the bad stuff got stored on your server and would even be
    recoverable after deletion doesn't change that result - though not even
    opening would make it even harder to argue that you intended to receive the
    bad stuff, since you never even found out that's what it was.
    
    The same goes for bad stuff that bad guys host on your server. You didn't
    put it there; you didn't want it there; you didn't even know it was there
    until you stumbled across it. So you didn't unwittingly commit a crime by
    someone else's act.
    
    However, this latter scenario does have more problems and risks than the
    email scenario. I believe that at some point we will develop principles for
    holding system owners liable for misuses of their systems which are caused
    by reasonably discoverable and avoidable security vulnerabilities. If you
    have reason to think you are being victimized in this way I think you ought
    to do something about it, or risk being a test case.
    
    As to what you do if you discover a bunch of bad stuff on your system, I'd
    say: (1) Figure out how the bad guy(s) got in and fix the hole, and either
    (2)(a) if you are lazy, strapped for time and resources, and it looks like a
    bunch of pirated boy toy singer mp3s (or some such), get rid of it and go on
    to the next thing, or (2)(b) if you're motivated, have time and resources,
    and it looks like evidence of a serious crime or national security problem,
    preserve it and see if you can identify the right law enforcement
    respondent. As an ordinary citizen you don't have a positive obligation to
    report finding evidence of a crime, but sometimes it's a really good idea.
    
    Reader Advisory Notice: Internet email is inherently insecure. Message
    content may be subject to alteration, and email addresses may incorrectly
    identify the sender. If you wish to confirm the content of this message
    and/or the identity of the sender please contact me at one of the phone
    numbers given below. Secure messaging is available upon request and
    recommended for confidential or other sensitive communications.
    
    John R. Christiansen 
    Preston | Gates | Ellis LLP 
    925 Fourth Avenue, Suite 2900 
    Seattle, Washington 98104 
    (Direct: 206.370.8118 
    (Cell: 206.628.9125 
    
    
    -----Original Message-----
    From: Mark Johnson [mailto:markbarb2@private]
    Sent: Friday, August 08, 2003 3:39 PM
    To: crime@private
    Subject: Re: CRIME What do you do with bad stuff?
    
    
    I would like to pose a similar hypothetical question to the group.
    
    Consider this scenario:
      Suppose you receive an unsolicited e-mail which has an attachment.
      Since you do not know what it is, you delete the mail without reading it.
      Unbeknownst to you, the email attachment was "Bad Stuff", as Todd put it.
      You are now the unwitting owner of felony material.
    
    The questions:
      Are you breaking the law?
      Should we open all our spam to protect ourselves ??!?!?!!!
    
    Thanks in advance,
    Mark
    
    _________________________________________________________________
    Add photos to your messages with MSN 8. Get 2 months FREE*.  
    http://join.msn.com/?page=features/featuredemail
    



    This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 16:39:10 PDT