Slashdot Mirror

← Back to Stories (view on slashdot.org)

Legally Defining "Unauthorized" Computer Access

Posted by michael on from the breaking-and-entering dept.

SDuane writes "Orin S. Kerr, Associate Professor at George Washington University Law School, has written an article trying to answer the question "what does it mean to 'access' a computer? And when is access 'unauthorized'?" It's long, but interesting and he's looking for feedback."

11 of 359 comments (clear)

  1. Popups? by jmv · · Score: 5, Insightful

    When thinking about it. One could say that a popup add "accesses" your computer in some way. Since it is also unauthorized, could it be illegal? :)

    --
    Opus: the Swiss army knife of audio codec
    1. Re:Popups? by lightspawn · · Score: 5, Interesting

      One could say that a popup add "accesses" your computer in some way. Since it is also unauthorized, could it be illegal? :)

      Of course it's authorized. Your browser preferences allow pop-up to be displayed, or you'd never see them. The combination of your browser configuration and your request for a web page that contained Javascript code, plus the fact you authorized your browser (and by extension, the sites you access) to run such code, is all the authorization that is needed.

      Don't try solve technical problems by legal means. It wastes your time and annoys the pig.

    2. Re:Popups? by Frater+219 · · Score: 5, Informative
      Of course it's authorized. Your browser preferences allow pop-up to be displayed, or you'd never see them.

      That isn't at all an "of course" issue. If I place an unpatched default installation of Red Hat 6.2 on an Internet-connected host, my "preferences" (read: installed software) by default allow remote users to obtain root access. No matter how stupid or negligent I would be to do so, I would still expect that for someone to take advantage of those "preferences" to r00t the b0x0r would indeed be illegal. Similarly, just because Jane Winecooler's browser by default allows the installation of spyware and the forced display of popup spam, does not authorize anyone to set up booby-trapped Web sites which do such things to her browser.

      The idea that any access that my host does not block is by default an authorized access is compelling to the hacker (in the old sense) since it means that everything one can do, one may do, provided it is not obviously harmful. Under this construction, if you leave your box r00table, then I may r00t it -- but I may not (for instance) delete your files or use your host to DoS someone. However, I do not think this is a solid foundation for a polity which must include non-hacker computer users. Such people expect that unless they intend to grant access, nobody may access their computers.

      I hold host operators responsible for their own hosts' behavior and security. However, I also hold abusers responsible for their behavior in exploiting vulnerable hosts to do things that they know would be unwelcome to those hosts' owners. Spyware, abusive popup spam, r00ting, email spam, and the many other unwelcome abuses of people's systems are all simply different degrees of unwelcome, unauthorized access.

  2. unauthorized by Anonymous Coward · · Score: 5, Funny

    ..but the computer can't say no, I thought it wanted me to access it, honest!

  3. Which is worse? by jonfelder · · Score: 5, Interesting

    The fact that what constitutes "unauthorized access" is very broad, or that the penalties for "unauthorized access" are ridiculously out of whack. You could practically murder someone and spend less time in jail then if you commit a computer crime.

  4. I think... by Kickstart70 · · Score: 5, Funny

    posting "1 4/\/\ 0wnz0ring j00!!!!!! luser!!!! FEE KEVIN" on their website, qualifies.

  5. Court case by DNS-and-BIND · · Score: 5, Informative
    I was involved in a federal case where the defendant was accused of unauthorized access because he used EXPN and VRFY to determine a range of email addresses to mailbomb. I thought it was bullshit, and faxed them a copy of this page (God forbid they use email) indicating that these commands were publically availible to anyone on the internet, but the prosecutors weren't particularly interested and were rather disappointed at my opinion.

    The charge was eventually dropped at any rate.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. Definition of illegal access by Anonymous Coward · · Score: 5, Interesting

    From a federal law perspective, "access" becomes illegal if use of the system exceeds $5K (say in CPU cycles), OR if ANY copying of information or information altering is done. Take a screen snapshot - illegal. Modify a system log to cover your tracks - illegal. Under federal law, "simple trespass" is not in itself illegal.

    HOWEVER, many states have local statutes making simple trespass illegal.

    Furthermore, if a SysAdmin notices someone unauthorized has been on the system, and their time and resources investigating the access exceeds $5K, you've hit the federal legal limit.

    Vic Vandal

  7. Length?? by bathmatt · · Score: 5, Funny
    It's long, but interesting and he's looking for feedback.

    Since when does an articles length matter?? Nobody reads them anyway, this is /. :)

  8. apply it like real life, by Vaughn+Anderson · · Score: 5, Insightful

    What is "unauthorized access" to my house?

    1. When some one comes in uninvited.
    2. When someone breaks into my house.
    3. When someone is in my house already and then I ask them to leave and they don't.

    Obviously these rules apply similarily to a website vs a brick and mortar.

    1. All people can come into my business
    2. If it is closed you cannot come in.
    3. If there is a private area you cannot have access to it.
    4. If you are asked to leave and you don't, then you are breaking the law and the nice officer will come and my asking and remove you from my premises.

    Why does the digital world have to be any different?

    My website is my business/public area, if I lock something done with a password, stay out. Anybody can email me or send me snail mail. My computer is like my home, no one is ever allowed here unless I say it is ok, period.

    No access to personal computers should be legal without the consent of the owner of that computer. An ISP has an agreement with the user, so access is needed, but this isn't much different than the water, power and sewer I have. The people running the utilities have certain accesses to my home in an odd way...

    Where do I send this?

  9. Re:Using the word "Welcome" by bensej · · Score: 5, Insightful

    Does this mean that if my doormat says "welcome" Then anyone is free to break down my door and take all my stuff? If a judge actually accepted this argument he should be removed from the bench. It never ceases to amaze me how much is allowed to occur with computers that noone would tolerate out in the physical world.