Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all

by Masem (Monsignor)
on Oct 01, 2001 at 04:10 UTC ( [id://115774]=note: print w/replies, xml ) Need Help??


in reply to (OT) Pending Anti-Terrorism Legislation in the US could impact us all

I do agree that if you haven't contacted your congresspeople, now is the time; the ACLU makes it very easy to do this with this link.

That said, it should be pointed out that numerous congresspeople have pointed out that the White House's proposed legislation is way over the top. Leahy has introduced a second bill that basically is more reasonable; it updates such issues such as wiretapping on a person, not just a specific device, but does not include many of the questionable suggestions, such as deterring immigrates indefinitely. I very much doubt the WH version will pass without significant changes.

The other issue is the computer acts as terrorism part. You need to refer to Section 1030 of the US Code, and specifically look at parts (a)(1), (a)(4), (a)(5)(A), and (a)(7). While IANAL, the only one that the occasional 'nmap' or similar tool could be considered as a terrorist weapon is (a)(4), and that's only if the nmap or other tool is used further to suck data off the end computer. Most of those specific parts of the code are , IMO, true 'cracker' crimes, and deserve any increase in punishment (eg, this could easily apply to people like script kiddies or virus writers). Mind you, if I was to use nmap on a system that I don't directly control, or other similar tools, I would check with the the end user and make sure that they are ok to be simply scanned.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
It's not what you know, but knowing how to find it if you don't know that's important

  • Comment on Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all

Replies are listed 'Best First'.
Re: Re: (OT) Pending Anti-Terrorism Legislation in the US could impact us all
by idnopheq (Chaplain) on Oct 01, 2001 at 15:38 UTC
    THX for pointing these out ... for the nmap section, I did not mean to imply I perform such actions without the knowledge of the external entities. Yet my interpretation of the law makes no distinction between using such tools in a professional capacity versus in a terrorist capacity. But I'll re-read it when I get into work this morning EDT.

    Who was that guy in Tulsa (?) who found a hole in someone's web server, nabbed some data to prove the problem, notified the site of their security issue, and was arrested? While I do not agree with the data theft or having performed such actions without the knowledge of the site itself, could one argue that finding open ports, software versions, etc. on a remote machine acquiring "data"? I'm no legal eagle, and I've asked my employer's legal department read the legislation and tell me how it may impact my day-to-day activities.

    I guess my concern here is having to prove one adhered to the law. It seems easy under this section to have a "Salem Witch Hunt" kind of scenario, moving the burden of proof back to the defendent. And, only time will tell how policing agencies enforce it and how the judicial interprets it.

    THX

    YMMV
    --
    idnopheq
    Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.

[reply]
      I believe you're thinking of Brian West vs a newspaper. Slashdot has a followup here and here. The end result was that while he did find a hole, he did a lot more than he claimed based on server and ISP logs than just confirm it; he grabbed info from their servers, modified several pages, etc. Most agree that when West told his story to various online outlets, he was trying to drum up sympathy akin to other cases (DeCSS, Adobe). However, it failed miserably once the details were released.

      What should be pointed out is that Section 1030 as pertaining to computer crime is still valid; if there *are* problems with using a tool like nmap on a system to begin with, then theorhetically, that's already illegal, but I've yet to hear anyone prosecuted for just doing an nmap or the like. It's just that the more 'cracker'-like crimes are going to get stiffer penalities, including up to the same terms as terrorists acts.

      -----------------------------------------------------
      Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
      It's not what you know, but knowing how to find it if you don't know that's important

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://115774]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (3)
As of 2024-04-24 20:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found