Robo-chattel? New Legal Challenge to 'Bots

milomilo writes "Extending on the eBay vs. Bidder's Edge case, the NY Times reports (free registration required) that a Manhattan judge has granted a preliminary injunction against Verio from using 'bots to harvest up-for-renewal prospects from Register.com's WHOIS. The theory's that bots use up a piece of the target system's resources, denying its use to the owner. (Question: would search engines be different, presumably because they also confer a benefit on the target by making it findable?)"

this is just another step in a long process..

[mcc]

This whole thing is an interesting question, really... whether requesting something can be an attack.

I.E. you nonmaliciously (meaning, it isn't a DOS, you're actually getting information) ask for large gobs of information off of some site, the way these bots did.. or the way a spambot might.. they call this "denying services", but still, it's a simple the questioner requests, the answerer replies. If it's "unauthorized use".. well, how can you talk about unauthorized use on a public server? How can these things, authorization and to who, be implied on a public internet? Should it be the job of the requester to not go where they clearly shouldn't be, or the job of the requestee to keep them out?

Or look at it in terms of a port scan. I request things from each of these ports, thus figuring out which are open (and thus vulnerable to attack). I've seen people try to procecute this based on "unauthorized usage of machine".. well hold up, who said you had to authorize something? This person is just sending pings to ports, on a machine that by its presence on the internet you have implied responds to traffic. Why on earth would you need "permission" prior to using a system? If so, how would that permission be obtained? .. but of course none of this changes the fact that the port scan is almost always part of a malicious cracking attack.

Or, let's say-- hypothetically-- there was a single-line javascript that, if accessed from a windows NT machine, would cause the kernel to be overwritten by 0s. If you put that up on a web page, would that be "hacking"? You didn't break the machine yourself; you politely ask the machine to break itself, and it complies. Is that your fault?

But then, when you get down to it, all forms of "cracking" could be seen as requests. I request you process this block of information that just happens to cause a buffer overflow... you didn't have to process it, now did you? That last bit doesnt' really sound reasonable.. you have to draw a line somewhere, you have to note somewhere that it's no longer a request but an attack. Somewhere, for the sake of sanity, you have to draw the line, and how do you do that? Intent? How do you prove intent in court? What's the difference between the slashdot effect and a DDOS, at an abstract level?

But still how the hell can you say it's illegal to ask for something because the questioned might give you an answer even though they don't want to...? That's where the law is heading, where it's been heading for awhile, and that's completely absurd.

There is no right answer here, is there?

Re:Nice link, Hemos

[Jerf]

I hate to jump on this bandwagon, but this is just way over the line Slashdot! You have a staff of people, a whole freakin' staff and you seem to spend less time on the homepage of your site then I do, all alone, on my weblog! In sheer people hours spent on the site, Katz appears kicking the ass of the entire rest of the Slashdot crew combined!

What really ticks me off is that "The Old Media", through which many people still get their news, has latched on to Slashdot as "The New Media", meaning that Slashdot will be reflecting on my own efforts, and the efforts of anybody else trying to run a 'new media' style website. This is why I post this; Slashdot's flub-ups are personal and affect us all. The flub-ups affect people running new media sites (by tarnishing the reputation in the eyes of the Old Media press who doesn't care to dig past their original generalizations), they tarnish the reputation of Open Source (as they have been labelled the spokesperson of the Open Source movement by the same collection of media entities), and they tarnish the reputation of VA Linux. (Hey, anybody at VA listening? This is not good return on your investment!)

Slashdot editors, wake up! You are not invincible. You can be replaced, and in Internet time, too. Please get some ethics, before you convince thousands or millions that the New Media doesn't have any!

Clickable correct link

[TheKodiak]

For those of you not afraid of goatse.cx, http://www.nytimes.com/2001/01/12/technology/12CYB ERLAW.html

Correct link

[zorg77]

http://www.nytimes.com/2001/01/12/technology/12CYB ERLAW.html

Re:Nice link, Hemos

[American+AC+in+Paris]

Who would go to Hooters in Amsterdam?

...well, it suddenly occured to me that I would go to Hooters in Amsterdam. At least, that's what my employer would think if they ever decided to check the proxy server logs. While they're fairly cool about web browsing in general, they are decidedly less cool about employees looking at "objectionable material" at work. I guess I'll need to institute a policy of proofreading Slashdot's front-page content for them, to check for things like goatse.cx links...

I'm really, really glad that the submitter didn't slip a really objectionable link in there. I'm also really, really pissed off at Slashdot for this kind of crap. This is total incompetence. (I'm not even taking into account the duplicate stories on the Chinese rocket lanunch in the Science section...)

This kind of fsck-up at virtually any other major online content provider would be grounds for immediate dismissal for the employee in question, for crying out loud. READ YOUR DAMNED FRONT PAGE SUBMISSIONS!

information wants to be expensive...nothing is so valuable as the right information at the right time.

So... who actually clicked the link?

[signe]

This is amusing. Now we get to see who actually clicked the link, and who posted blindly without bothering to read the article.

-Todd

---

This seems similar to other laws

[skoda]

Windows in a public building are obviously meant to be looked through. However, if you stood long enough, gazing through the windows of a local store, they could have you removed if there are "no loitering" laws. Even though you are using the sidewalk for standing and the windows for looking, as they were meant to be.

Similarly, if you worked at one store and went to your competitor's, pen and paper in hand, and strolled the aisles noting their prices (so your store can meet/beat them), you might be asked to leave. Despite the fact that you are just writing down prices that are clearly there to be read.

Finally, various retailers, esp. car dealers, place "No wholesaler or retailer" restrictions on their best sales, even though their products are meant to be bought and other retailers may want to do just that.

It seems to me that analogous laws already exist. Just because something is available in the public realm it doesn't follow that anyone can avail themselves of it to any extent; at least not under current U.S. laws.
-----
D. Fischer

Re:Nice link, Hemos

[PollMastah]

This only proves that Slashdot really doesn't care to check a story before posting it. I don't see what's so hard about clicking on a link to see if it works? Or to see if it goes somewhere sensible? I mean, we're not even talking about checking facts here or anything. Why is it that something so basic as checking URLs seems no longer relevent to the Slashdot editors?! What are they doing now???

Sorry for this rant. I hate the downward trend of Slashdot recently. This wrong link almost made me give up Slashdot forever... there are better, less crowded, less trolled places around that I think I'll move to.