Slashdot Mirror
Confidentiality on Virus Sent Docs?
Sulka writes: "The latest Sircam outbreak has sent me a lot of documents from total strangers I've never heard of before. This led me to wonder what would happen if a trade secret doc from company X was leaked like this to me -- I guess the secret wouldn't be a secret anymore. But what's the legal standing of this? Is a virus sending a document the same as someone sending email accidentally to a wrong address? Could I send a M$ Halloween memo that popped to my address to the press?" I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.
grammer Cute! :-)
There is a FAQ on Trade Secret Basics at nolo.com. In particular, look at the question titled "What rights does the owner of a trade secret have?" I am not a lawyer, but I think it would be reasonable to assume that the SirCam virus would be covered by the line that talks about "people who learn about a trade secret by accident or mistake" (these people are not allowed to divulge the trade secret). So, I am playing it safe with files sent to me as the result of SirCam and just deleting them.
-----
Free P2P Backup, Windows & Linux
Actualy I disagree with that. Of course you have to teach ethics. And ethics is a much more complex subject that most people think. Ethics should be tought and thought about much more than they are are in the most of the USA.
If you don't write down and teach your rules for ethics how can you expect people to learn them and follow them. Ofcourse there are many ethical rules that are or should be rather obvious, like don't take bribes. But there are many others that are less so.
For example there was a case during the Shoah (Holocost) where a man could have bribed the germans to let his son off of a train to the camps, but if he did this somone else's son would have been put on to make the count. Would it be ethical for him to do this? Well Jewish Law states that infact it would not be ethical to do that. After all why should your son live at the expense of someone else. And this is not some theoretical argument of Rabbis debating the Talmud, this is a true story.
Now I will hope that none of us ever faces a choice like that (B''H), but that does not mean that ethical choices do not come up every day in our lives, we should think about them and talk about them and when we have children talk about them with our children so that our children grow up with values and I hope make a better world for their children.
Erlang Developer and podcaster
Under Jewish law (Its in the Talmud) You must return a lost object if it has a distinguishing mark, it has not been abandoned by its owner, and it has value. So for example if you found a $50 bill on the street you can keep it, as you have no way of knowing who it belongs to. Or for example you find a copy of a newspaper on a train, you don't have to return it as the owner probably left it there after reading it, so it counts as abandoned. Or for example if a bag of rice falls and breaks and scatters all over the place then it really does not have value. (After all its all over the floor).
On the other hand if you find a wallet with some ID in it, then you should probably return it, as you can know who owns it. Unless you can be reasonable sure that the owner has no hope of finding it again, for example it just washed up on the sea shore. There are a few more rules. I don't remember which tractate of the Talmud this is all in but my Rabbi gave a class on it a while back.
So in that case, if you can figure out who owns the Jewelry some how (Say its in a box with a name) you should return it to them. On the other hand if its box with no name and some gold and dimonds you can reasonably keep it.
If this comes up in real life consult a Rabbi over my post, my memory may be wrong on a detail here.
Erlang Developer and podcaster
The difference is that in the Shoah case that someone would die was not in question. Only who it was going to be. The SUV issue is much less clear cut. If I drive a SUV (I don't) and I hit you, then its not that you will die and I won't its that you have worse odds than I do. Somewhat different issue.
There are other issues I have with SUV's but they are not relivant here.
Erlang Developer and podcaster
No it isn't. You have to provide personal information in order to sign up, that's a cost, because people pay money for this kind of valuable information. You have to endure ads in order to read your email, that's a cost because it pollutes your brain.
--
PubCam is a small Perl script which extracts any SirCam attachments, removes the virus, and produces an index.html listing the files, the sender, and the date header from the mail in question. This makes it very quick and easy to put up a web page of your SirCam spoils.
Beware, though, hosting services such as Tripod don't like it very much!
--
My guess is that if you get an email containing sensitive information from somewhere in the United States then it is legal for you to publish it. Of course, I don't know where you live, or have any idea of the laws in your country, but that doesn't stop me from making things up...
In case you hadn't noticed, this particular Ask Slashdot dealt with a legal question. As such the answer depends on your jurisdiction. The answers to legal questions like this quite often vary from state to state, and even from county to county. They certainly vary from country to country. This sort of discussion might not be helpful if you live in Communist China, where you probably have little influence on local laws, but it's at least somewhat germane to anyone who lives in any sort of republic or representative democracy, because the comparison of foreign and domestic law often reveals loopholes that one might wish to avoid in their own jurisdiction.
I imagine that you also have a say in the creation of your local laws (scary as that may seem), and so the quote mentioned above also applies to you. That makes you an official amateur lawmaker, so you might want to become informed a bit. Barring that, you might want to push the back button on your browser and perhaps read a different article if you don't want to discuss an issue that is primarily going to reflect /.'s US audience.
On the other hand, it is possible that you live in some forward-thinking country where they don't have anything as backwards as law. In that case, flame away.
score order has nothing to do with the validity of the opinions.
Fall into two general categories..
1) Indoctrination so you'll be nice to corporate
interests
2) Review of different ethical systems and their
foundations
I suspect by your phrasing that you mean the
first. A code of ethics isn't something objective
that one can learn.. I recall, when I took a
course on ethics when I was an undergrad, we did
debates, and I managed to sway about a third of
the class to the position that intellectual
property is philosophically invalid. Fun.
For every problem, there is at least one solution that is simple, neat, and wrong.
John.
For those people using Solaris (or any other *nix with a "dd"), here's how to strip the "virus"
part of the attachment away from the "document"
part, so you can safely view the documents:
dd bs=512 skip=268 if=infected.filename.ext of=disinfected.filename
Fair enough -- but if procmail is working as advertised and you route the data to the bit bucket, I don't see how you'd know how much you get in spam/forwarded viruses.
Procmail logs, naturally. It logs message size even when bit-bucketing.
Of course, by the time it hits procmail, you've already paid for the bandwidth (unless you have mail delivered to a server with procmail outside the net you pay for bandwidth).
All those stupid notices do is communicate that whoever resposible for them has poor grasp of this area of the law and/or is trying to bs folks into playing along.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Anybody have any info on why this hidden article is hidden? Is this a frequent occurrence?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
What censorship section? I went to preferences and the only choice is to *exclude* stories about censorship but I don't have that checked, I don't have anything checked for exclusion.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Since this is probably a one story per week kind of thing, why should I have to keep checking everytime I'm online? Why can't I have those stories show on my version of the main page? For that matter, why can't I have *all* stories show on the main page even if only as an entry in a slashbox? And shouldn't these censorship stories be in the Your Rights Online slashbox anyway?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Well your honor, he emailed the trade secrets to me and requested my advice!
Really!
-----
No, UCITA has provisions against unconscionability. If a term in the "contract" is unconscionable, then it's struck. Unless they were peculiar, no one would knowingly agree to have their computer ransacked by untrustworthy code.
Trouble is, unconscionability is usually determined by a court (read: arduous and expensive).
Schwab
Editor, A1-AAA AmeriCaptions
You oughta be glad you don't get paid for your procmail skills.
Potato chips are a by-yourself food.
He isn't asking about the moral issues, he wants to know the legal aspects - these are not always congruent, you know.
I vaguely seem to remember that where I live (sweden) you are not free to redistribute or publish stuff that's gotten into your hands by mistake if the stuff is clearly sent to you by mistake or is obviously confidential. We've had some incidents where hospitals or social services have faxed journals and other files to private citizens by mistake, and I think that was the result of those incidents. Note that you are not required to destroy the documents, or alert anybody that the information's got astray, you just aren't allowed to spread it around.
/Janne
Trust the Computer. The Computer is your friend.
As far as I have been able to determine, if you have the information it is yours to do with as you like. There are several court cases where people have come into possession of otherwise private information and were free to publish it. The Supreme court has been somewhat consistant about that in recent years. It is a first amendment thing. If you come by information through an illegal act that you did not commit or encourage to commit, then you can do whatever you want with the information. Witness the poor union negotiator who had his cell conversation taped and later played on the air.
Contract law, btw, requires that all parties sign, or otherwise agree to the contract. With this virus, there's no such agreement between the recipient and those who wish to keep the information private. It would be very hard to prosecute someone for disclosing this information, except maybe a copyright claim which would only protect the instance of the information, not the information itself.
The infected sender might be extremely liable, or not at all. It all would hinge on wheather or not it was possible to take reasonable steps to ensure that such unauthorized disclosure would be prevented.
Bottom line: You can tell people whatever you want to about this. Posting actual documents may expose you to a copyright action (since all documents are copyright at birth), but that would not preclude you from posting summaries.
1) the consumer never signed any contracts
Indeed he did! Every time he made a purchase he signed a contract, parties to which include the merchant, the bank, and the purchaser. You agree to pay when you make the purchase. If the merchant doesn't get this agreement, it's his fault and he should take the loss.
This language has been part of the credit card receipt since at least the 1960's; it's not a recent development.
Now, do you have a cite where we can research the
"banks many years ago" who took losses from unsolicited credit cards?
-fb Everything not expressly forbidden is now mandatory.
>When you sign the piece of paper to buy
>something you say
"I agree to pay above total amount according to card issuer agreement."
That "card issuer agreement" is an ironclad contract that I doubt anyone could squirm out
of paying, at least not on simple questions of semantics.
Now, this is NOT something that just came about
in the last 2 decades! Even the debit card is
not new, just far more common today. The merchant
agreement and banking procedures have not changed
in any substantial way since the 1950's. Certain
trappings around the way we use card-based payments have changed; notably the incredibly high
interest rates on consumer loans, and of course the instantaneous accounting of the transaction
by modem. The ATM is new (since the late '70s, then common in the 80's, now *everywhere*), but
the business model is not.
Until a recent purge of old crap, I could have produced credit card receipts from the '60s to
compare the language of the fine print. It would
be interesting to compare the language on credit
applications also, but I assure you they haven't changed much, except in superficial ways.
-fb Everything not expressly forbidden is now mandatory.
So, it's the company owning the infected computer that's responsible for sending it's secrets out.
--
He didn't say ethics laws, he said ethics.
Any society that doesn't teach it's ethics will only have them for a single generation.
You need only look around your neighborhood (assuming you're in the US) to see that I'm right.
-
Oh the irony... complaining about ethics, and then offering a link to OpenBSD ISO's in the .sig...
No, irony is thinking it's OK to distribute images of commercial music CDs, but not OK to distribute privately-created CDs of Open Source software.
In fact, if the former is OK, then it should be OK to put images of the official CD up on Napster.
-
I hate that damned disclaimer. I regularly see it appened to email in mailing lists, and it's always a struggle for me not to respond to the guy that, no, I wasn't the original recipient, and he'd probably better check next time before he sends "proprietary and confidential" info to, say, the Pink Floyd mailing list.
I know that many businesses have such disclaimers automatically tacked on by a server or gateway, but that doesn't make it right. If it's legally binding, then it's legally binding for EVERY email on which it appears, in which case, it shouldn't be on the public mail forums. If they can make a case that the disclaimer doesn't apply there, then, well, why can't I make a case that it never applies?
Anyway, just a pet peeve. :)
And that's probably just from a half dozen attached MSWord interoffice memoes that could have conveyed the same information in, oh, about 20KB of plain text per document, right?
Can't anyone write a simple memo or office communication without using four different fonts and imbedded graphics any more? Some of the impact of things like SirCam are because of the feeling that many office workers have that their memoes won't be taken seriously unless they demonstrate their prowess in MSWord. Apparently they feel that, by not taking advantage of most of the available word processor options, their memo won't have the pizazz necessary to get their coworkers to stop leaving the empty coffee pot on the burner.
Anyway... Does anyone know whether SirCam is pulling documents out of the default document location or is it scanning the entire hard disk for `*.doc'? If it's the former -- and without having read details on how SirCam works, I'm betting this is the case -- companies can limit their exposure by making sure that employees do not keep company confidential material in the default document directory. Or better yet, prohibit those documents from being stored anywhere but on a central file server and never on someone's unsecured desktop and definitely never on a laptop. Unless the company's management doesn't care if their strategic plans were on a stolen laptop, that is.
--
CUR ALLOC 20195.....5804M
Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets. If they delete it, no problem, if they keep it, big illegal problems.
That's fine for people who sign your contract. But what if the info is sent to someone who didn't sign your contract?
This appears to be the question being asked in this Ask /., getting info from "a lot of documents from total strangers I've never heard of before."
Steve M
Either way you slice it, there aren't any really difficult questions.
Perhaps not, but they miss the point.
The point of the original question was, if I recieve confidential info from someone I do not know because it was sent to me (in this case specifically due to a virus), are there any legal ramifications to me using or publishing that info?
I do not care what happens to the 'sender'. I don't care who was 'negligent'. I have not signed a contract dealing with this info. I do want to know what can happen to me.
Well, there's only two ways the info can be sent to someone who didn't sign the contract: ...
This is not true. Alice has signed the contract. Bob has not, nor is he the owner. Cindy has not, nor is she the owner. Alice sends it to Bob. Bob sends it to Cindy. Cindy, has received it from someone who is niether the owner nor signed the contract.
There are of course other ways that someone who is neither a contract signee nor an owner of the document can receive it from some one who is not a signee nor owner. I'll leave determining them as an exercise for the reader. (Some hints: Dave is a burglar, Ed is a publisher, Fay is a dumpster diver, ...).
Steve M
Hmmm... (standard IANAL disclaimer) ...
Chapter 119 talks about intercepting electronic communications. But in this case I did not intercept it, it was sent to me. Thus it would appear that I am a party to this communication, albeit an unintended one.
Chapter 2702 refers to service providers. I am not a service provider. So this would not seem to apply to me.
Chapter 605 reads in part: Except as authorized by chapter 119, Title 18, no person receiving, assisting in receiving, transmitting, or assisting in transmitting, any interstate or foreign communication by wire or radio shall divulge or publish the existence, contents, substance, purport, effect, or meaning thereof, except through authorized channels of transmission or reception, ... (bold added)
The information was sent to me through an authorized channel, email. So this doesn't seem to apply to me either.
It seems these laws refer to either those involved in the transmission of electronic communications or those attempting to intercept such communications. It is not clear that they apply in the case whiere I am the addressee of an email.
Perhaps some one who IAL could provide more insite.
Steve M
I assume from your answer that you imply that ethics would prohibit you from ever disclosing such information (regardless of the legality of said disclosure).
Let's say it's 1942 and Adolf Eichman's transcript of the Wannsee Conference is accidentally faxed to you. Since you took an ethics course, I will assume that you would not be in favor of the Final Solution. Do your ethics continue to compel you into silence?
-- Don't Tase me, bro!
dd if=virus.doc.pif of=clean.doc bs=1 skip=137216
True, but copying byte by byte is really slow. I'd increase the block size to something like 8 or 16K to make that operation a lot faster.
Should using Microsoft Outlook be considered an "attractive nuisance"?
This has nothing to do with hsi friends being stupid. It has to do with getting email from people he does not know, that has attachments.
I got one the other day from someone I don't know. It was a word doc attachment. I'm just glad I use Linux and don't have word or anything loaded on my machine to read that crap.
I don't want a lot, I just want it all!
Flame away, I have a hose!
Only 'flamers' flame!
If a document is stored on a computer that is known ahead of time to be virus-friendly then I think it's pretty clear that the owner/use of that computer is not exercising due dilligence in protecting that document. It's not like it's a one-time accident. Everyone should know by now, Melissa and ILoveYou were a long time ago.
People who select Microsoft products should be held accountable for the consequences of their choice. If you lose your secret due to someone else's gross carelessness, sue 'em back to the stone age. If you obtain someone else's secret due to someone's gross carelessness, well... you'll have to evaluate the situation.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The best ethics aren't passed on. They're derived from Game Theory.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
And if the virus were written to reverse the characters in every occurence of "without" and to rot13 every occurence of "consent"? Would that still suffice? (Of course, I'm assuming that it's a text file. Otherwise it might be too difficult for a virus.)
Or what if the virus encrypts the files that it sends, perhaps with zip or bzip? (That is certainly as secure as rot13.) Then whose rights are violated if you check on what has been sent to you?
Our current set of laws is totally lunatic. The people who wrote them should be confined in Bedlam (and be chained to the walls, as was traditional).
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
Just what we needed :-( , another idea for a virus. And one that will appeal to some. We can only hope that it isn't successful. There are much better ways to use the bandwidth.
Caution: Now approaching the (technological) singularity.
I think we've pushed this "anyone can grow up to be president" thing too far.
Even the free Lite version will open anything.
I'm a smug Mac user, running Eudora 4 no less, and the only thing that's been sent to me was a Windows shortcut! "blahblah.ext.lnk" or something similar.
.pif were Windows 3.1 files that ran DOS programs.
Pope
What? Bear is driving car? How can that be?!
It doesn't mean much now, it's built for the future.
<sig>Guvf vf abg n frperg zrffntr
<sig>Guvf vf abg n frperg zrffntr
Can someone explain to me how this spreads? I too have got lots of emails from strangers. (Although the first one I received was from someone many Slashdotters will have heard of, which confused me for a while.) I thought the normal thing with mail worms was that they would spread to people in your address book -- but I don't suppose I'm in many of these people's address books.
11.0010010000111111011010101000100010000101101000
Well, the legal "experts" on www.askme.com haven't even graduated from high school. I'd say this is a step up.
-- these are only opinions and they might not be mine.
I'm the tech director at a small private school. Several of the faculty decided to open unexpected attachments (despite my advice to the contrary), finding that they "couldn't open the files properly." However, the virus still infected the host system and had to be cleaned. Basically, in my experience, the documents have been modified (they're .pif file extensions with the name of a local private document) and are not the actual document itself.
1 gigabytes of files? Sounds like you need some new friends if they don't know they're sending all that crap to you!
The only virus/virii i have seen is the snow white and the seven dwarves that hit all the oracle consultants on a weekly basis.. other then that, nothing.. nada..
Too bad SirCam isn't an Outlook virus. It's an executable, smarty-pants.
IANAL, but the general rule is that precautions must be taken to perserve secrecy. There are two types of precautions: security and confidentiality. In one court case, the judge did not remove the trade secret status of documents even though the plant they were in had no guards, security systems, or locked storage. I would doubt that a judge would say that the lack of an effective virus scanner is lax security. The confidentiality precaution can be met if the document is marked confidential or secret.
In another case,however , a company sold an old computer with confidential data encrypted on it. They forgot to erase the harddrive. The person who bought the computer found out the password from a previous employee, and got to the information. The judge ruled that they forfeited protection by not erasing it.
Come play Heroes of Might and Magic Mini online.
This report has been prepared by the division, group, subsidiary or affiliate of UBS AG ("UBS") identified herein. In certain countries UBS AG is referred to as UBS SA, which is a translation of UBS AG, its registered legal name. UBS Warburg is a business group of UBS AG. This report is for distribution only under such circumstances as may be permitted by applicable law, including the following: This report has no regard to the specific investment objectives, financial situation or particular needs of any specific recipient. The report is published solely for informational purposes and is not to be construed as a solicitation or an offer to buy or sell any securities or related financial instruments. The securities described herein may not be eligible for sale in all jurisdictions or to certain categories of investors. The report is based on information obtained from sources believed to be reliable but is not guaranteed as being accurate, nor is it a complete statement or summary of the securities, marketsor developments referred to in the report. The report should not be regarded by recipients as a substitute for the exercise of their own judgement. Any opinions expressed in this report are subject to change without notice and UBS is not under any obligation to update or keep current the information contained herein. UBS and/or its directors, officers and employees may have or have had interests or long or short positions in, and may at any time make purchases and/or sales as principal or agent, or UBS may act or have acted as market-maker in the relevant securities or related financial instruments discussed in this report. Furthermore, UBS may have or have had a relationship with or may provide or has provided corporate finance, capital markets and/or other financial services to the relevant companies. Employees of UBS may serve or have served as officers or directors of the relevant companies. UBS may rely on information barriers, such as "Chinese Walls," to control the flow of information contained in one or more areas within UBS, into other areas, units, divisions, groups, or affiliates of UBS.
Options, derivative products and futures are not suitable for all investors, and trading in these instruments is considered risky. Past performance is not necessarily indicative of future results. Foreign currency rates of exchange may adversely affect the value, price or income of any security or related instrument mentioned in this report. Clients wishing to effect transactions should contact their local sales representative. UBS accepts no liability whatsoever for any loss or damage of any kind arising out of the use of all or any part of this report. Additional information will be made available upon request.
EEA: This report has been issued by UBS Warburg Ltd., regulated in the UK by the Securities and Futures Authority. In the UK this report is for distribution to persons who are not UK private customers. Customers should approach the analyst(s) named on the cover regarding the contents of this report. For investment advice, trade execution or any other queries, customers should contact their London representative. Switzerland: This report is being distributed in Switzerland by UBS AG. Italy: Should persons receiving this research in Italy require additional information or wish to effect transactions in the relevant securities, they should contact either Giubergia UBS Warburg SIM SpA, an associate of UBS SA, in Milan or UBS Warburg (Italia) SIM SpA, a subsidiary of UBS SA, in Milan or its London or Lugano Branch. South Africa: UBS Warburg Securities (South Africa) (Pty) Ltd. (incorporating J.D. Anderson & Co.) is a member of the JSE Securities Exchange SA. United States: This report is being distributed to US persons by either UBS Warburg LLC or by UBS PaineWebber Inc., subsidiaries of UBS AG; or (ii) by a division, group, subsidiary or affiliate of UBS AG, that is not registered as a US broker-dealer (a "non-US affiliate"), to major US institutional investors only. UBS Warburg LLC or UBS PaineWebber Inc. accepts responsibility for the content of a report prepared by another non-US affiliate when distributed to US persons by UBS Warburg LLC or UBS PaineWebber Inc. All transactions by a US person in the securities mentioned in this report must be effected through UBS Warburg LLC or UBS PaineWebber Inc., and not through a non-US affiliate. Canada: This report is being distributed by UBS Bunting Warburg Inc., a subsidiary of UBS AG and a member of the principal Canadian stock exchanges & CIPF. A statement of its financial condition and a list of its directors and senior officers will be provided upon request. Singapore: This report is being distributed in Singapore by UBS Warburg Pte. Ltd. Hong Kong: This report is being distributed in Hong Kong to investors who fall within section 3(1) of the Securities Ordinance (Cap 333) by UBS Warburg Asia Limited. Japan: This report is being distributed in Japan by UBS Warburg (Japan) Limited to institutional investors only. Australia: This report is being distributed in Australia by UBS Warburg Australia Limited in relation to fixed income securities, and UBS Warburg Australia Equities Limited in relation to equity securities. New Zealand: This report is being distributed in New Zealand by UBS Warburg New Zealand Ltd in relation to fixed income securities and UBS Warburg New Zealand Equities Ltd in relation to equity securities.
+ 2001. All rights reserved. No part of this report may be reproduced or distributed in any manner without the written permission of UBS. UBS specifically prohibits the re-distribution of this report, via the Internet or otherwise, and accepts no liability whatsoever for the actions of third parties in this respect.
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
-- Help Digitise the Public Domain at DP.
Too bad the virus seems to have been patched up. I'm not getting sent random files anymore :( But it was rather fun reading through the crap that people store on their harddisks. I just wish I got something more interesting. All I got was a bunch of word files containing poetry and a newsletter for some club. I can see some REAL potential fun with this though if more interesting files were sent.
Since we're currently discussing the legality of this, someone who's brave enough should set up a repository for files we've received and who we received them from, with cross reference links, etc. If someone was infected, theres a good chance that a large quantity of the data stored on his harddisk is available to the internet at large. If all this information was displayed publicly (LEGALLY even), what a nice incentive to switch to a less virus prone operating system.
-Restil
Play with my webcams and lights here
I think that real-world analogies are a good way to determine the proper way to treat a cybercrime, but unfortunately some of the real world laws are rather loopy.
For example, if the neighbors kid trespasses onto your property and drowns in your pool, then YOU are to blame (in NY/CT).
If I've invited someone to my home, then IMO it's only reasonable if I'm liable for any accident they have have if it's a result of gross negligence on my behalf or failure to warn them of some non-obvious danger. However, if someone slips on ice on my property, then I can't see how you can reasonably claim that to be my fault - if the weather is icy then YOU take care (similarly if coffee is hot at McDonalds YOU should take care).
American law seems to assume by default that you can sue someone if you have an accident on their property, or using their product, regardless of whether this was a result of negligence on your behalf or whether it was simply bad luck or stupidity on their part. Only in America does a metal ladder need a warning against resting it against power lines - in the rest of the world people know better, and accept the consequnces if they fuck up - their reaction would be "I can't believe I was so stupid!", not "Who can I sue for this?...".
Only in the World of Windows would adding 137kilo-bloat to a word processor document be considered "stealthy."
Ethics don't last as long as a single generation anyway. They're always changing, always evolving.
Bzzt. Carl is limited in what he can do, because he doesn't own the copyright to the document. So no, he can't publish it without violating that copyright. But copyright won't prevent him from showing it to other people, or publishing a fair use subset of the document.
The word he's looking for is NOT 'consideration' or 'quid pro quo'. That's something very different - the idea that all contracts must offer something of value to all parties. It may only be "$1 and other considerations," but there has to be *something*.
As a counterexample, the Microsoft tax arguably violates that since I'm forced to pay for a software license of absolutely zero value to me, a software license that I can't even transfer to another party due to their "OEM license vs. retail license" provisions. I'm out hard cash, and have nothing of value (to me) for it. But it's a large corporation that's able to *ahem* make its own law.
What the original poster was refering to is closer to "informed consent," but even that isn't quite right.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Many years ago, banks actually sent out unsolicited credit cards.
Not pre-approved credit card offers, actual working credit cards.
Some people used them, charging to the max. Then refused to make any payment, daring the bank to collect. The banks tried, but failed since 1) the consumer never signed any contracts and 2) the bank had no reasonable expectation that every credit card would be properly delivered and not stolen from an unlocked mailbox.
Ironically, it was the people who refused to make any payments who got away with this. Make any payment, even a dollar, and you clearly indicated agreement to repay the charges.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
You cannot forward a document to a stranger and then legally bind that stranger to behave according to the content of that document. Not in the USA.
At least not without a click button...
Yes, there are secret lawyers on Slashdot. Really.
I do agree that posing these questions to Slashdot in general is rather silly. I've attempted once to volunteer to provide a "not a legal opinion" opinion on legal questions (specifically intellectual property, since that's my area of expertise)... but I never got a response. I think in general Slashdot prefers inane rants to reasoned opinions.
Thalia
Oh, in case you were wondering, you should delete the files that SirCam sent to you. You can be held liable for disclosing a trade secret. Odds are, however, that no jury would convict you. Still, it's an expensive/painful process, so unless the information is valuable enough that you're willing to risk jail time, just delete it all.
AFAIK, viruses are still legal. It's only the use of them which is illegal.
IIRC, pif files are text, emacs should handle it. Com files are executables, you'll need a disassembler AND emacs to view them.
Best Slashdot Co
And I am writing contracts which say 'all your base are belong to us'.
You can write 'em how you like. Just don't expect a court to enforce 'em.
I'm old enough to remember when discussions on Slashdot were well informed.
Now that [MS] documents can distribute themselves automatically, can we finally truely say that "information wants to be free" ?
But I am an FCC engineer. FCC engineers are required to know the relevant laws. From time to time, these questions pop up for international companies wanting to do business in the states and europe. The CISSP also requires knowledge of the legal aspects of sysadmin or security personel who may receive electronic communications not intended for them.
The relevant parts of US Federal Law are contained under the Code of Federal Regulations, also known as the U.S. Code, part 47 covers telecoms and the FCC and part 18 is criminal laws and punishments
18 USC 119 bars the disclosure of any electronic communications to which you are not a party
18 USC 2702 defines the criminal act of disclosing intercepted communications
47 USC 605 (the Communications Act of 1934) also bans the disclosure or use of third-party communications.
There are similar laws here in Europe, but I can't find any of those bookmarks. If anyone is interested, google yourself.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
The GCC development lists get this kind of thing a lot. Occasionally someone will suggest blocking emails originating from these kinds of auto-appended, shit-fer-brains mail servers. The idea seems to be gaining more and more support, especially considering that everything sent to the lists is archived forever.
The trick of course is to filter (and bounce with a helpful note) such messages /before/ distributing them.
Hmmmm... on a related note, many of the *-bug@gnu.org mailing lists have all kinds of crap stored in their archive, because RMS forbids the gnu.org admins to do any kind of spam filtering on the lists. (Go check out, say, the archives for gdb-bug.) The main lists at @gcc.gnu.org are filtered, but the ones at @gnu.org are not. If some proprietary information is sent to one of those @gnu.org lists, they could be in trouble.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I'm gonna ask again. Has someone setup a website of received documents(non-confidential or what not) via the virus? There's gotta be some juicy stuff from a Senator or something.
those are both flawed.
When the jewelery is sent/stolen from the store, then there is no longer jewelery at the store.
Maybe if the thief made COPIES of the jewelery and sent the copies.... ?
I think you're right, except I strongly dispute your use of the words "Public Domain" in the Subject: headers
If the document contains "company confidential" information, such as a trade secret like the formula for Coke, you may argue that you obtained it legally, because the sender, umm, sent it to you, even if not knowingly, and you may be free to republish that trade secret. (Interesting aside -- the Berne convention may well protect, by default, all such documents. You may be free to transcribe the trade secret in your own words, but republishing coke_formula.doc would be in violation of Coke, Inc's copyright over the "work" of its employee, even if the "work" was just a company internal memo.)
If it's material nonpublic information ("insider information") on a company, the instant you read it, you become an insider under SEC regulations. Any gains you make while trading based on this information are illegal, and the SEC can (and should) come down on you like a ton of bricks.
If it's classified information (i.e. in the .gov sense of the word, not the corporate sense of the word), you have a legal obligation not to disseminate it, you probably have a legal obligation to stop reading when you discover that it's classified, and you may even have a legal obligation to delete it (and to delete it as securely as you can), once you've stopped reading it.
Which leaves open an interesting question for you .mil and .spooky types out there -- while recipients are clearly "better off" (in the sense of "less risk to themselves from pissing off three-letter agencies by exposing their pointy-haired-bosses as clueless") by just deleting it (albeit securely), do recipients have any obligation to report the leak, and if so, to whom should it be reported? (The Catch-22 is that if you don't have clearance for the information, you probably don't have clearance to know to whom you can report it without further compromising security! Do you just put on your Groucho Marx glasses, run to the nearest U.S. embassy, and frisbee the disc over the wall? :-)
All three SirCam risks ("company confidential", "insider information", and "classified") extend to more than just today's virus/worm, BTW. Just about anyone buying a used computer or laptop runs the risk that the machine was improperly wiped, and that they may come into posession of information they wouldn't (and shouldn't) ordinarily have access to.
In a previous Slashdot post, I was in a very paranoid mood, and I speculated that this is precisely what the author of SirCam intended.
I'm reserving judgement on whether I was "being too paranoid" or "not being paranoid enough" until we find the author.
Obvious T-shirt fodder:
"My Ethics prof was so convinced he was doing a good job, that he didn't monitor the final exam, which made it real easy for me to get an 'A' in the course by cheating!"
yes.
arguably, bob has been negligent in letting his computer be infected. A very clear analogy is Bob keeping the confidential documents in a physically insecure place, where a casual visitor can easily read them.
It is then up to the courts to decide to which extent Bob has been negligent. Has he been negligent in running an OS which is known to have many security holes? Is he responisble for keeping it secure?
Guru Bruce Schneier predicts that computer security will only become a concern for people like bob when their insurance premiums and legal risk of prosecution hurt them where it counts.
This is a commonly recurring theme on comp.risks (well recommended for friday afternoon reading).
I'd love to hear what the lawyers say to this one.
This topic came up at our local 2600 meeting last month. How about a handy little program that says, buried in the EULA somewhere, that the user is solely responsible for traffic generated by his machine. Then the program turns out the be the zombie for a massive DDoS, and once everyone's installed it, it turns around and nukes someone.
Better yet, mail checks to universities that say "by depositing this check, you agree that it constitutes total payment for any information technology and computing resources that the issuer(s) may use, and you grant license to the issuer(s) to use said resources for whatever purpose they see fit". Cut a few thousand checks for $1 each, then go root whoever cashes them. AT&T, eat your heart out.
The more I think about this, the more I like it. My musical tastes are pretty broad already, but they could be a lot broader. I could set up an email address just for this, then I'd post my address on some list of "victims", and we'd all put each other in our Outlook address books.
It searches your drive for files with "metallica" and "mp3" in the name, then emails them everywhere :)
Can you imagine a beow*LART* okay, I guess not.
None of the sircam messages I've received are from people I remember ever corresponding with. A number of them are sent to auto-collected (spam-bot) E-mail addresses I leave trailing around to see how long it takes for them to get picked up.
- Michael T. Babcock (Yes, I blog)
Odd supposition ... since the hard-coded addresses seem to be the Whitehouse and Pentagon ... but wait ... ;-)
- Michael T. Babcock (Yes, I blog)
Although I was confusing the addresses with Code Red, I wouldn't think it difficult to produce a worm that appeared to mail random documents while scanning for keywords and E-mail specific documents to specific people on purpose as well.
- Michael T. Babcock (Yes, I blog)
Ethically, it's a no-brainer. They're trade secrets, they were revealed to you by accident, so forget that you ever saw them.
Legally (IANAL but I spend too much time talking to them), the company that owns the trade secrets is obligated to take reasonable precautions to protect them, or they lose their status. For example, if you leave documents laying around in public places, they are probably no longer legally secrets. Given Outlook's history, I am not sure that storing the documents on a machine with Outlook loaded meets the test of a reasonable precaution. It would be an interesting case to argue, especially if copies were delivered to dozens of people...
I sign a lot of non-disclosure agreements and there is always a clause along the lines of "must take reasonable care to prevent accidental disclosure blah blah blah..." Appropriate virus protection seems like it would be covered under reasonable care so failure to block the virus could make you liable for releasing the information under an NDA, I think. If the document were clearly and obviously confidential I suspect the receiver could be liable for damages if they took some active part in disseminating the document. Just receiving it and deleting it should be safe.
However, IANAL.
Sircam is a circumvention device that clearly is aimed at violating technological protection measures (your computer's filesystem secutiry) that control access to copyrighted works and that facilitate copyright infringement (unauthorized sending of files is copyright infringement).
The DMCA text bans distribution with no reference to whether this is knowing or intentional.
I would therefore argue that all victims of Sircam have violated the DMCA by sending the circumvention device in their outgoing mail.
Moreover, anyone who uses the TPM in question (Microsoft OS) and stores copyrighted documents (anything you author is copyrighted) in their "My Documents" folder has a cause of action.
As for trade secrets, misappropriation only occurs when the transfer occurs in violation of a duty of confidentiality. Since the receipiant did not aide and abet or even encourage the document's transfer, I don't see any way to attach such a duty to them. Additionally, since the document in question is essentially an attack, the doctrine of unclean hands should prevent the upstream party from suing the downstream party for what is essentially the upstream party's negligence. The virus author did misappropriate the trade secrets since there is a duty not to break into computers.
(Yes, I know the address next to my name is @hotmail.com, but I've never once received a message that wasn't SPAM or a one-time registration info message.)
---
Linux: The world's best text-adventure game.
Moreover, the sig would not even appear on the viral mails. Sircam doesn't use any mail client to send itself to its recipients; it connects directly to port 25 of the mail server. Outlook (if installed) is only used as one among several sources of addresses. The only thing that would work is a blurb appended by the server, rather than a plain old client signature.
Say no to software patents.
It could however go directly to the recipient's server. However, that possibility is blockable by a firewall, which would block all port 25 traffic except from/to the company's mail server.
Say no to software patents.
The Uniform Trade Secrets Act (adopted in the majority of states), says that if you acquire information by accident or mistake, and have reason to know it is a trade secret (e.g., because of a confidentiality legend, or even just because the information *looks* like the type of information that is usually confidential), then a legal duty of confidentiality may attach. This principle can apply to misdirected emails, faxes, things falling off of trucks, whatever. The same principle also applies as a matter of "common law" in most of those states that have not adopted the UTSA.
So, no, virus-spread documents cannot be considered liberated from trade secret restrictions, simply because they are zipping around uncontrolled on the Net as a result of the virus. But you would have to know the actual circumstances and contents in order to decide in any given situation if at the end of the day trade secrecy really applied.
Several of the companies I've worked for are trying to require users to have a .sig that automatically attaches the legal blurb to every email. I doubt they intended for it to prevent the loss of proprietary information due to viruses, but it's a nice side benefit. ;-)
However, I've always tried to fight this "requirement" for all email. Sure, it makes sense if I'm actually attaching a document that could have IP or whatnot, but if I'm sending an email that says "Hey, let's go for beers after work" I really hate having a legal disclaimer attached to it. Especially when the disclaimer is longer than the message.
It's got the document embedded in it. If you remove the first ~137k you'll get the document. Somebody else posted the exact number of bytes. Or you can just open it in your favorite text editor and browse through it.
So far I've gotten portions of the Lord of the Rings, some kid's essay on trains, and several other things. Nothing really fun though.
Try searching on gnutella for "resume.doc" or "letter" or ".xls". Apparently many people use gnutella at work and set it to share C:\.
.DLL files in various versions of windows, to find a gnutella host sharing everything, and then do the "list all files on this host" thing to look at the user's personal files.
For about a weekend or so it was a sport with me. I downloaded a ton of stuff I am sure was not meant for the public -- there was a breakup letter where the writer stoped midsentence and types "aw fuckit i'll stay with her" (but then for some reason saved the letter ? don't ask me). I also found some business oriented xls files and ppt files. Most interesting was the fact that you could find what I think were people's outlook and eudora mailfiles, those inbox.dbx things. I have no idea how to view those.
Anyway, I got bored and moved on to other shit. The best thing I found was a file called either "private.txt" or "secrete.txt" which looked like the following:
SSN: #########
PIN(ATM): ####
PIN(VISA): ####
WellsFargo: user/passwd
yahoo: user/passwd
(a university student network domain): user/passwd
So I guess this guy decided to consolidate all of his sensitive info into one place, decided to put it on a computer, and then accidently shared it with the whole fucking internet.
I wanted to try the yahoo user/passwd just to see if it was real, but at that point I stopped and thought and decided that actually using the information people were inadvertendly sharing to snoop information they _weren't_ inadvertently sharing was probably where the legal/ethical boundary would be crossed. I never sent email to the yahoo address or the university one because I was afraid of being accused of being a hacker. The sad thing is that my gnutella client automatically moves completed downloads to the shared directory, so it is possible I further shared that file with others before I deleted it.
If there were some way you could filter your gnutella search results on IPs belonging to cable/DSL users in the DC area, or by those belonging to employees of a particular company, etc, then you could really do some damage.
I talked about this with other people and some of them apparently search for the names of
So I guess the moral is, make sure your friends know how to configure their gnutella clients correctly.
As some suggested, "What if you write that displays a EULA before causing damage?". Since the UCITA gives a lot of power to EULAs, it might be legal. Now if there appears tons of such virii (and you can't presecute the writer, some people are going to like that), the only way to fight that could be to dump UCITA... Of course, it's a bit far fetched, but how knows?
Opus: the Swiss army knife of audio codec
...but I *do* get to deal with this on a more-or-less daily basis these days.
According to the lawyer types I work with, it's more or less the same as if a fax went through to the wrong number. They are prohibited from disclosing the information if there is a legal blurb on the bottom of the page or wherever that says so.
I never thought I'd see the day when I'd welcome more legalese on documents... but any sensitive documents should really have that blurb, quoted (well, mostly) here:
In the case of financial documents, which is what I concern myself with, the use of them for gain is tantamount to insider trading and is a Bad Thing for He Who Gets Caught.
Zaphod B
Zaphod B
When duplication is outlawed, only outlaws will have
Actually....
Ethically speaking, you would never find out what happened at the Wannsee Conference, because as soon as you realise that it was sent to you in error, you would destroy it - without even reading it yourself.
This assumes of course that your standard of ethics values personal privacy very highly. Then again, what if you discover the contents of the document while trying to ascertain the origin and to verify that you were not the intended recipient?
-Steve
"I opened my eyes, and everything went dark again"
Of course....
Lets say company X is a mial order business, screws up an order and sends me the Widget that you ordered, when I havn't actually ordered anything at all from them.
Guess what? The widget is mine, and I don't have to pay for it. They still owe you a widget of course, and have to send you one, but I am under no obligation to pay them, or return the widget.
This may not work outside of the US, but thats the precedent here. Things that are sent to you in an unsolicited manner become yours, and no further obligation can be placed on you.
A perfect exampl eof this is a few months back when I ordered a bunch of stuff form thinkgeek. They sent my order twice - once almost exactly one week after the first one arrived.
Now, being an ethical person, and being a person who LIKES thinkgeek alot, I sent the second package back to them. However, I would have been well within my rights to keep it and not have them charge me for it a second time.
-Steve
"I opened my eyes, and everything went dark again"
>But when it did, I wrote them and they restored my account back to a certain date. I got all of my stuff back.
I've tried writting them, they haven't responded -- but, it's only been three days, much to quick for Microsoft.
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
> Serves ya right for using hotmail for critical communications!
I agree, but this is where lots of my old email addresses from previous employers gets routed -- don't quite feel like calling them up and having them change it again.
There is a program, "gotmail", that I've used for copying hotmail email to my local inbox -- it looks very good on the recieving end (not all the hotmail crap you'd get in your message if you forwarded it).
I don't want to use this automatically/periodically on my Inbox because of all the junk mail that gets delivered to that address (more than a decade of Usenet posts with my old addresses gets about 20 spams per day).
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
I was out of town for a week... didn't check my hotmail account.
During that time, my hotmail Inbox filled up with these sorts of messages (large attachements with the text: "I send you this file in order to have your advice").
Once it reached the maximum size for hotmail diskspace, hotmail started automatically deleteing older messages: all the messages in all of my folders had been deleted by the time I checked my hotmail account.
All that was left was spam in my Inbox.
Thanks, Microsoft!
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
If you have some intellectual property you have 4 ways to protect it:
- Trade Mark
- Copyright
- Patent
- Trade Secret
The first three rely on government protection. The last one relies on your own ability to keep it secret. If you're unable to keep it secret then you should use one of the first three methods to protect yourself. If you fail to keep it secret and don't use one of the other methods then you are unprotected and there's nothing you can do - that's why the other methods exist.IANAL But I recently had one explain all this to me.
---- SIGFPE
Got Rhinos?
Those are the worst kind of strangers!
Got Rhinos?
I love you, Mellisa!
Friends don't help friends install M$ junk.
Why do people keep posing technical legal questions to a bunch of geeks, most of whom haven't even graduated from college yet? Is there some secret stash of lawyers on Slashdot that I'm not aware of yet?
Judging from the uninformed comments above, evidently not, but there are a *ton* of clueless idiots who are more than happy to spout off their opinions on a subject they know nothing about. But hey, that's what most Slashdot discussions are anyway.
Trade secrets are covered by a myriad of laws, and you can get in serious trouble for divulging them even if you learned of them by accident. Call a lawyer to find out more details. Slashdot can't provide much help on legal questions, as we've proved over and over and over again...
--- egomaniac
ZFS: because love is never having to say fsck
Practically, it'd be pretty hard for them to tell the difference between this one trade on hot info, and lucky timing. It'd be even harder for them to prove it, unless they got sircamed your document that detailed plans for exploiting the insider info.
At that point they'd find themselves dealing with the same ethical question...
--
Free Software: Like love, it grows best when given away.
I disagree. After all, this is your mail. So it's not the same as getting someone else's mail in your mailbox. It's like getting someone else's mail in your envelope. (I do agree with the comment about insider info, though. IANAL, but I think it doesn't matter how you get the information.)
Why don't we explore this a bit. Let's say Mr. X is writing some letters, and he accidentally puts Mr. Y's letter in Mr. Z's envelope, and vice-versa. What are the legal implications of that? Are Mr. Y and Z free to use any information therein, even if it is clearly not meant for them?
If Sircam had a way to get messages back to a particular point from several generations along, I'd agree with him completely.
Personally I actually have glanced at the contents of one of the Sircam messages that was sent to me (in a hex editor), but only because the filename was my birthday.
-- fencepost
fencepost
just a little off
Anyway, I feel fairly confident that the DMCA doesn't say anything about whether the encrypted materials are legal or not - it's breaking the encryption and using (having? disseminating?) the tools to do so that's made illegal. Is there anyone here who doesn't think the antivirus vendors have developers building their own tools and sharing within their teams?
-- fencepost
fencepost
just a little off
Consider a virus writer being caught, then going after the major antivirus software vendors for breaking the encryption on his virus...
-- fencepost
fencepost
just a little off
On another note... are you saying I can't post those so-called confidential emails between Slashdot and goatse.cx paying for click-throughs?
--
-- Is "Sig" copyrighted by www.sig.com?
No, actually, the better analogy would be somebody breaks into the jewlery store, steals the jewlery, boxes it up, puts in a note saying 'I send this jewelery for you to try out. Please to wear it and tell me what you think' and mails it from the store's address. Is it 'ethical' for you then wear it?
Vintage computer games and RPG books available. Email me if you're interested.
Vintage computer games and RPG books available. Email me if you're interested.
True, Carl is still bound by other laws and regulations (such as Copyright law), but the point I was trying to make is that Carl is not bound by the contract.
The Economics of Website Security
Let us say that Alice and Bob enter into a contract, with a confidentiality clause. Bob's computer is infected with SirCam and it mails the contract to Carl. Carl then publishes the contract in a news paper. Alice may have grounds to sue Bob for breach of contract (Bob's copy was leaked) but doesn't have grounds to sue Carl for a breach since Carl was never a party to the contract.
Now for Bob or Alice to release any information may still be a breach, but Carl can do whatever he wants.
The Economics of Website Security
Taco's got 1.1 Gigs of attachments from his friends? I must be lucky then, all my friends are smart enough not to click on files attached to emails that look dodgy!
And this is rather blatant. I mean, do many ppl have friends who send an email saying 'I send you this file in order to have your advice'? Everyone I know passed 3rd-grade English...
Grab.
If said thing was placed with the intent to trip a person, it is the homeowner's fault that the theif was hurt.
So I do not have the right to protect my home, family and/or property?
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Quid pro quo, loosely translated as "this for that."
Why not a new form of industrial espionage?
Even better, take this into the political activism-type space. Send your virus into Evil Corporatist Inc, and have it start broadcasting junk off of hard drives all over the place. EVERYBODY gets the damaging evidence. Plus imbed it in the body, don't make it an attachment.
Call it "No Secrets".
The living have better things to do than to continue hating the dead.
Wow, talk about a lot of stupid friends. I've only gotten a few of the SirCam virus emails, so I have to assume either a) people don't like me enough to put me in their address book, b) my friends are smarter than CmdrTaco's, c) my friends don't use outlook
In contracts I am writing up at the moment, there are standard confidentiality clauses. This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published. Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets.
If they delete it, no problem, if they keep it, big illegal problems.
IANAL, but I hired one and thats what they said.
Tux Games. Your complete source for native Linux games.
- You did not do anything illegal to get it
- They did not take sufficent precautions to prevent the leak.
I would guess you would be safe in releasing it. But, if it got to you, it probably got to many others so the leak would not be traceable.See a lawyer.
Fight Spammers!
... to perhaps clarify your question.
Imagine a theif who robbed a jewelry store and while being pursued by the police, he/she places the stolen goods in your mailbox on the street. You find the jewelry in the morning. Questions: Is the jewelry now yours? What's the ethical thing to do in this situation?
The ethical thing to do would be to notify the authorities so they can return the jewelry to its rightful and legal owner. Who should be notified in this case? The sender? The sender's company?
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
You shouldn't set your email program to automatically execute attachments...
You shouldn't open attachments from someone you don't know...
Oh wait, you might get the virus from someone you DO know, but you shouldn't open attachments unless you know what they are and were expecting them...
Always use BCC:
Keep your virus definitions up to date...
Keep your programs/operating system/server up to date with the latest patches...
Always backup your data...
You shouldn't be superuser-equivalent unless you need it briefly to change something...
You should choose a password that is not easy to guess...
You should change your password regularly...
You shouldn't use the same password on different systems...
Do not feed the bears...
It could go on and on. Your idea is fine. It represents one of the many things that *should* be done. But who is going to do it? The fact of the matter remains, people won't follow good security practices because it's inconvenient, they don't want to, they don't know about them, or their Aunt Ruth has a beard.
The point of the question above is that when someone receives something confidental, accidentally, the ethical thing to do is to delete it. Who's responsible? Well, the virus writer, if the file was spread as a result of a virus. Sure, the user should have kept his document secure, but he didn't. Are users guilty of violating any of the above policies? Sure. Are sysadmins? Yep. We do it too.
Of course, we need to educate our users and enforce security policies. Saying "this will work; problem solved" isn't sufficient. Proactive education, policies, and enforcement are the answer. Now I've got to get back to work and do it!
"I say consider this day seized!" -Hobbes
"I say consider this day seized!" -Hobbes
"Tomorrow we'll seize the day and throttle it!" -Calvin
List of logins and passwords, dialin lines, home phone number of the guy, network layouts, HR documents, resume's, various engineering documents, etc
All from the same guy.
Emailed him back a few times, emailed root,abuse and postmaster.. tried to whois the domain, but the registrar's whois database was broken. I'll just keep collecting I guess.
I think some of it is cause of Inflex emailing him back, telling him this email has been blocked due to attachments not allowed. And then it emails me another document right. It's great fun, it seems to email two in a row, and then picks a new one.
ever put marbles in a paintball gun? Or ball bearings? Non-lethal home protection at it's finest.
Depleted uranium would also be cool, but methinks that will be problematic.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Which leads to the question of how do ethics get passed on if there is no education in them?
"It is a greater offense to steal men's labor, than their clothes"
If a document is top secret, it shouldnt be stored on a networked computer. If it is stored on a networked computer, then it should be encrypted. problem solved. encrypting important documents should be as important as backing them up.
I also take the opportunity to tell them to drop M$.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
He claimed he wasn't squatting, that he had registered a company "KV-Earner", but when you call your company "Domainname Trading", that excuse seems rather lame. Also, whether or not he was squatting is really irrelevant.
First he warned them that they were sending to the wrong address, but they just continued sending it to him. When Kvaerner understood what had gone wrong, they tried to buy the domain name from him for nothing, but he refused. Then, they got the police to knock down his doors and arrest him for blackmail...
Well, there is a quite minimal KV-Earner-page there now, so I guess the police lost the case (when it comes to technology, they loose everything in court).
While I don't have much sympathy for squatters, it is completely irrelevant in this case. It is the moron who managed to send information worth millions to the wrong address unencrypted who should pay (and get fired). I find it just incredible that people send confidential information unencrypted.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
I can't imagine where they got that idea... I mean, we were just traversing the 'net by telnetting from one Cisco to another (this was in the late '80s).
Anyway, I wound up not coming back the next semester (my grades weren't good... I flunked Freshman Orientation, which should tell you something) and started playing with computers for money instead. I guess maybe I've picked up some ethics along the way.
Maybe.
--
While that is true of widgets you receive in the mail, you do not, by receiving mail automatically receive the right to reproduce the contents of the mail as well.
.doc from a hapless MS employee that details their impending takeover of some Linux company or dotcom is not technically useful information since you can't go trading stock based on it. Getting nude pictures of your ex taken by his/her new partner (because he/she was too lazy to take you out of the address book) is nice, but you can't share them.
Anyone wishing to "use" the contents of the information they receive as a result of SirCam is still subject to copyright, trademark, insider trading regulations, etc etc.
So getting a
Now ethically, you'd probably just want to hit delete on all those emails without even bothering to look at them.
I do not have a signature
IANASR (I am not a Slashdot reader)
Donate background CPU time to fight cancer.
Look, pal, you better believe yourself into getting a lawyer, because you could get into some serious legal trouble doing that. Whether or not you believe there's any legal trouble doesn't mean you won't end up in jail, kid.
If your e-mail quota are filling up, they should simply refuse to accept more mail, not delete old stuff. This scheme too is prone to denial of service, but at least your correspondents will know that their message to you was lost and that they should try again later.
I don't think this guy is speaking the truth.. my wife uses hotmail and this is exactly what happens when she runs out of space, hotmail stops accepting new mails. She has NEVER had a mail automatically deleted by hotmail (in over 2 years of hotmail usage)...
I thought someone said there was going to be free beer!
I explained this to a church leader who had his computer flailed with this virus. There is no user security on Win98. It gets better on WinNT and Win2k, but there is nothing preventing this virus from sending out anything on your computer. This time it was only a few DOC files.
The church leader is on a minister search committee and had MANY private docs on his computer. Every notion of security and privacy just went out the window as soon as SirCam hit.
The worst part about it he did have a personal firewall, but his young child's friend/cousin/other allowed SirCam access to the internet.
Well, it would appear that Matthew Haughey of MetaFilter has considered building SirCamExchange.com [according to betterwhois, it's still available...]. He compares it to FilePile, but I find the idea rather...inane. Oh well.
-- Geof F. Morris
who hasn't gotten a single one of these? Not one. I have yet to get infected by one of these worms, but still -- I got copies of the others. I feel all lonesome.
it depends on your ethical system.
Here's a conundrum:
what would you do?
just trying to say, it might be more complicated than just trade secrets. trade secrets, I'd publish them and be done with it. they're just a form of anti-competitive conduct anyway.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Nolo Law has a Trade Secret Basics FAQ where I was able to learn a lot. Specifically, they state that the definition has a carve-out for "improper acquisition and theft." -- Meaning I DO think that you would be legally bound to maintain that as a trade secret, just as if you has stolen the documents yourself.
And I deleted it. However, if it had contained some neat company secrets I would not have felt any remorse in sharing it nor do I believe there is any legal obligation for anyone to refrain from doing so.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.
That is just a request. It is not the law and is not enforceable through the courts. Be careful what you fax and where you fax it. Same with email, virus facilitated or not.
There is a reason employers, real estate agents, car salesmen, etc, ask you to sign, sign, initial and sign again. If it was as simple as writing a blurb, then all anyone would have to do is "show you" the contract.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
Unplug the modem/NIC...
... your machine will still get infected.
No. That is not enough
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
It sucks, but if confidentiality is breached the sucker that got taken by the virus is liable in the USA if they were negligent. For example, if it was reasonable for the employee to follow company policy and not open attachments and ignored that policy ... they are burned.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
To be blunt: Shutting off the internet and then opening the infected attachment is like putting on a condom and then injecting yourself with HIV. It is not about where else the virus goes ... the point is now you have it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
Seriously... There are just way too many responses giving you difficult answers with hex editors, etc... Just open it up using note-pad. Remove the .doc file extenseion and replace it with .txt and click it. You should read some of the files I've been receiving. Interesting stuff. If you don't see you extensions, then change that.
Start -> Settings -> Active Desktop -> Customize my Desktop -> Folder Options -> Click 'Yes' -> View Tab -> 3rd one down is the hide file extensions choice. Make sure it is unchecked. Have fun! Carter
www.slightlycrewed.com - Because aren't we all?
Sure, but how many people actually read the agreement? I'm sure you could write in bold letters "THIS WILL DESTROY YOUR COMPUTER" and people will still click "I agree".
....
Now that you've given away my patent, a clickable virus with a UCITA-enforced contract, which presents a binding electronic agreement whereby which the user agrees to give in perpetuity all trade secrets, patents, financial instruments, and suchlike in return for permission to run the virus. Of course, I was also planning on patenting the virus that clicks the button for you, as a time saver
Sigh, now what am I gonna do to Make More Money!
--- Will in Seattle - What are you doing to fight the War?
friends came to my house and started talking about new email virus and their methods to prevent them. It seems that they've a great time infecting each other.
When it came to my turn I said:
"I don't use Outlook."
It was a long silence after that. To break the ice, I repeated:
"I don't use Outlook."
Sometime the solution to problems is so obvious and simple.
A sampling of what I've seen:
I've sent a reply to every single user I've gotten SirCam from with detailed info on how the virus works and how to get rid of it with links to SARC, etc. I've only had one person reply and apologize. Everyone else is strangely silent :)
Top Most Bizarre/Disturbing Error Messages
-----
-----
so i says to mable, i says
1.1 gigs, eh Taco? Funny, I haven't received a single e-mail from Sircam yet, and I'm on a half dozen mailing lists and have no spam filter.
I guess I just have a contacts list full of people who aren't stupid enough to open random attachments to cryptic e-mails. Or, in my mom's case, are entirely too stupid to open attachments in the first place, and keep leaving messages on my answering machine to help them open attachments so they can "give all these people advice".
Anyway, I guess that's something to be said about being an editor for slashdot...you get e-mail from a lot of idiots. And you wanted to write off the effects of this virus as a strictly MS phenomenon!
Hey freaks: now you're ju
I send this Ask Slashdot to you to get your advice.
Would somebody PLEASE write a mail worm that DISABLES SCRIPT EXECUTION after mailing itself to everyone on the recipient's lists?
--Blair
"I had the chicken pox. ONCE."
I'm sure the authors of all these recent viruses would just love to implement this. I can think of lots of fun things to do now:
Outlook virus that sends not only itself to all persons in the address book, but also a random file from "My Documents" or somesuch. Especially good if the virus picks files that are .doc, .xls, etc.
IIS exploit that fully allows "visitors" to read all cgi scripts, as well as perform "updates" to these scripts.
Now, if you'll all excuse me, I've got some MS exploits to write....
Long, cute, or funny Sigs are just another form of over compensation, used by geeks, nerdz, etc.
You even had to provide your social security number, to prove you had attended the course. Needless to say, this was high on my lists of leaving at the exit interview.
Me: "If you thought I had poor ethics, you shouldn't have hired me in the first place!"
Interviewer: *sigh* "Yes, we've ben hearing that a lot."
But I bet most of it was news to the salespeople.
www.lucernesys.comHorizon: Calendar-based personal finance
Inquiries to decide whether something is truly protectable as a trade secret are extremely fact intensive. If this were my case, I would be examining how widespead news of this virus was and what steps the company took to protect itself from the virus, and depending on who I was representing, argue either for or against the proposition that those steps were reasonable.
If I was trying to defeat a claim that information should be protected as a trade secret, I would probably even argue that a company that needs to protect trade secrets was unreasonable in running Microsoft software. Lest you think I am merely MS bashing, be advised that at least one insurance company writing policies covering information and computer assets charges higher premiums to policy holders who run MS software because of the increased security risk to the comapny, which directly translates into increased risk of loss for the insurer.
Laws affecting technology will always be bad until enough techies become lawyers.
Company A regularly updates its virus software but the timing was off for this update and they were infected. Company B haphazardly updates its virus protection. Company A may keeps its trade secret protection. Company B does not. Why? Because A took reasonable steps to protect itself and B did not.
Laws affecting technology will always be bad until enough techies become lawyers.
IANAL, but I did ask one in passing about this. It is difficult to get a short, concise answer from a lawyer about anything BTW...
Based on that conversation, this is what I understand the situation to be here in Canada: if there is no pre-existing NDA in effect, a person who receives a document labelled "confidential" is not under any legal obligation to maintain that confidentiality.
I was cautioned however, that there would be no guarantee that any information received in such a manner would be accurate or authentic...
Caveat emptor.
*** Where are we going? And what's with this handbasket?
Of course, if you sign a contract, you personally may be bound not to talk about things even if they are widely known. Furthermore, if you leak the information, you may be liable. But that doesn't apply to people who didn't sign those contracts.
You misunderstand why people discuss these matters. The US has a representative government and laws are by the people and for the people. Non-lawyers must discuss these matters and try to come to terms with them, because ultimately we all decide on what laws we want to be governed by. Arguably, trade secret law has gone way too far in protecting information held by companies.
The question raised by the message illustrates an important point and is worthy of discussion. If you don't like the level of discussion on Slashdot, I suggest you contribute to its elevation, rather than flaming randomly.
The thread is about whether legal issues should be discussed by non-lawyers at all. I argued that there is at least one group for whome it makes sense to discuss US legal matters. If there are others, great. Please stop your knee from jerking.
Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.
Or with Cygwin it's
$dd if=virus.doc.pif of=clean.doc bs=1 skip=137216Rename it to the actual file type and open it.
Do not double click it, instead open it from the correct app (just in case you didn't remove the virus properly - Word doesn't open windows executables)
There is also an hidden article on Slashdot about the case: http://slashdot.org/articles/01/07/30/1558227.shtm l.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Wow..i wish my email adress was flooded with secretely intercepted documents about money laundering and kidnapping.
you know, what if this virus was inserted into that area of the world purposefully to expose illegal operations and aid law enforcement? not a bad idea, except its a bit of an infringement of privacy.
i guess the downside to getting all those files is that the originators CAN track you down and kill you, id consider a quick adress change/plastic surgery