PCs Posted No Trespass

FreeLinux writes "USA Today has a story about a federal court ruling stating that Spyware can constitute illegal trespass. From the article: 'A federal trial court in Chicago has ruled recently that the ancient legal doctrine of trespass to chattels (meaning trespass to personal property) applies to the interference caused to home computers by spyware. Information technology has advanced at warp speed with the law struggling to keep up, and this is an example of a court needing to use historical legal theories to grapple with new and previously unforeseen contexts in Cyberspace.'"

Not gonna change a goddamned thing.

[Caspian]

There will still be spyware, even if it's ruled that you can't 'trespass' on peoples' PCs without their knowledge. All that will change is that they will bury some legalistic bullshit which translates roughly to 'by installing MySuperScreensaverz.com on your computer, you give us permission to pwn your box and fling shitloads of pop-ups at you' five pages deep into the EULAs for all spyware-containing software.

I strongly suspect that this has, in fact, already happened in many (most?) cases.

Re:Not gonna change a goddamned thing.

[merreborn]

Even worse, the Internet is international. A law deeming the installation of spyware illegal in the US has no effect on a company based in Tobego.

Re:Not gonna change a goddamned thing.

[Kadin2048]

Well the nice thing about this case, is that the judge didn't invent any new laws for this case. He just took a very old law, and applied it to the (IMO rather obvious) situation before him. As judges should.

Frankly, if we had more judges doing things like this, we probably wouldn't have to have nearly as many halfassed, more-harm-than-good, kneejerk reaction laws passed by politicians who are being hammered at by their constituents to "do something!"

Although you have a very valid point about users being stupid if they allow spyware to be installed on their machine, I think everyone pretty much understands that some of what spyware does is wrong and ought to be unlawful: in particular making itself hard or impossible to remove, or once installed doing things other than what it says it was going to, do or installing other programs without your consent.

You don't need to have a law for every particular thing that a person can possibly do wrong to another; there are a certain number of general principles that I think most people in a civilized society can accept (or will accept, if you want to keep living here), and one of them is that you shouldn't make someone else's property less valuable to them without their consent. And that consent is no good if the defendant lied about what they were going to do to the property. To use your analogy, it's as if you let someone in your house thinking they were a plumber and here to fix your toilet, but instead they sat around in your living room and watched TV for a while so you couldn't use it, and refused to leave when you asked. Sure, you let them in, but only because they presented themselves under false pretenses.

But my biggest issue here is that spyware is a situation, at least in its more extreme forms, which is plainly obvious to the average person as something that ought to be illegal. Generally when you have a situation like that, you don't (and shouldn't) need to have a particular law for the case. Certainly there are ways in which computers and the virtual world of the internet differ so fundamentally from the physical world that the same laws shouldn't apply. But those cases are more rare than you might think, and in hesitating to apply the few thousand years of common law (and common sense) that we've acquired as a civilization from the past to computers we've allowed a lot of dishonest people to create a lot of aggravation and damage to others, doing things that would be illegal if they weren't being done through a computer. I'm glad that this judge, whoever he is, has wised up to this fact and is putting some of that established wisdom to work here.

Re:Not gonna change a goddamned thing.

[NMerriam]

No, but it does have an effect on the company's assets and any business it conducts with companies in the USA. Spyware is usually for advertising of some sort -- advertising to customers in the USA isn't very effective if you can only advertise foreign companies with no offices in the USA, and your own company can never conduct contracts or maintain assets in the USA.

The Feds Have Taken The First Step

[geomon]

When prosecuting a case of trespass, the owner must often demarcate their property with signs indicating that it is private property and trespass is not allowed. This isn't true for all jurisdictions, but the feds generally treat their networks and individual machines in such a manner. All of the ones I've worked on are required to post a warning that they are government property and that unauthorized access is considered criminal trespass.

Re:The Feds Have Taken The First Step

[infonography]

Not quite, the simple fact of a door that is closed is all you need. Even if it's wide open it's still properly demarcated. Signage is not a requirement, merely courtesty. The Fourth Amendment - Search and Seizure is all about what is and isn't legit. Having a firewall on your system is enough of an indication your not a open house.

Quite the reverse, a house or clearly property must have some sort of indication that welcomes visitors. Otherwise it is assumed not open. Thats why businesses have OPEN signs. If you don't see a such a sign then they are not open to the public.

Re:The Feds Have Taken The First Step

[infonography]

That is where you would need a sign to prove trespass, open land is just that. However Farmland is a bad example. A farm is a place of activity.

Now Merry and Pippin, If your caught trapsing around in Farmer Maggots fields he's like to get a little upset. Maybe even overreact.

Re:The Feds Have Taken The First Step

[Arandir]

Amazing how networks went from communal workspaces to protected territories.

Not really. Rural folks rarely lock their doors, everyone in the city does. Rural fences aren't meant to keep people out, but to keep cattle from straying. When the internet had only a few thousand users, no one cared much about security. But the internet isn't "rural" anymore, it's global with millions of people on it.

Re:The Feds Have Taken The First Step

[surprise_audit]

What distinguishes between open land and any other kind? I recently bought a field and haven't done much with it yet. It's fenced, mostly, but the fences need some repair. It's possible to walk, or drive, onto it without having to open a gate or climb a fence. Is that "closed" enough for me to prosecute if a bunch of yahoos on 4x4's go 4-wheelin' on it?

How about my front yard, which is not fenced at all, right back to the building line? It's clearly maintained, is that enough for me to be able to administer a good kicking to the idiot neighbor child who takes his 4x4 up the side of the yard into the field behind our houses? I'm pretty sure what he does is illegal anyway - he's maybe 12 or 13, rides the 4x4 on the road between his house and mine, and I've watched him come roaring up the side of my yard and launch himself onto the road, using the banked side of the drainage ditch as a ramp. I'm fairly sure he doesn't look for traffic, and the place he usually lands is just short of an 8-foot dropoff, so he may just take himself out of the gene pool anyway, but it would be fun to use him for paintball practice, especially if I could do it legally...

As for the field, I'm considering posting notices like, "By crossing this fence you consent to being a paintball target. Thanks for playing. Have a nice day!"

Re:The Feds Have Taken The First Step

[Kadin2048]

It depends on the state. I think in most places a fence is enough to make an area off-limits. Generally you have to do something for it to be trespassing: enter a house, step over a fence, ignore a sign. If it's totally unmarked and you could have just blundered on, then you're in the clear. Where it varies, I believe, is in regards to motor vehicles. In some states you only get that benefit of "oops, I didn't know I was trespassing" if you're on foot, it doesn't apply to people in trucks or on a quad.

Where I used to live (Maine) the laws are pretty liberal about a person's "right to trespass," and you can in fact go 4x4ing, snowmobiling, hunting, etc., on any land that's not posted against it (or where a reasonable person ought to know you're not allowed, i.e. your neighbor's front lawn). This is a pretty big deal because a fairly large percentage of the state is privately owned by the paper companies, who don't actually do anything with it for 15 or 20 years at a time, then they come through and log and replant it and ignore it for another decade or so. Residents use the land as recreation space when it's otherwise fallow, and also have the side effect to the paper companies of keeping the roads clear.

The problem is when trespassers -- in particular, ATV riders during the spring "mud season" -- start destroying or damaging the property and the owners start posting it against trespassing. More or less the old 'tragedy of the commons' writ large. (The solution at least in some areas is to restrict motor vehicle access to all but approved organizations like ATV and snowmobile clubs, who maintain the roads or trails [and protect the property owner from accident liability] in return for access that would otherwise be denied.)

In your case regardless of the state laws, the kid is almost certainly in violation if you tell him not to drive on your property and he continues to do it, regardless of what kind of barriers you have up, as long as the property boundary is marked somehow.

Trespass!? How about Break and Enter?

[DigitalJeremy]

Seriously though, it's refreshing to learn the courts are looking at it, and at least TRYING to make spyware fit into the legal system somewhere.

If I've ever said "there oughta be a law", here is where it most certainly applies.

Prison time

but who is guilty, the people who create the malware or the people that finance them ?

im looking forward to seeing a few more executives in jail, they seem to think if you wear a suit and have a PLC/INC you can do what you want without recourse

Re:Makes Sense to Me

[robertjw]

But how much spyware is installed by the user unknowingly, via misleading dialog boxes or other methods in which the user is fooled into installing it?

Exactly, where will this end. If spyware is trespass how about all the advertisements or demo software that is routinely installed with commercial applications.

From TFA the defendants caused spyware to be downloaded onto his computer.

It would be interesting to know how exactly the defendants 'caused spyware to be downloaded'. Looks to me like the plaintiff was visiting sites that had spyware attached to them, he shouldn't have visited these sites if he didn't want spyware installed. That's what I do. It's like he had a party and his guests brought some friends. Now he wants to charge his guest's friends with tresspassing. Would make more sense to be careful who you invited to start with.

King Tut's Abacus

[HermanAB]

Obviously, if someone would install broken beads on my abacus without my permission, I would be rather miffed and would have no difficulty getting relief in court. The same thing applies to PCs. However, it simply isn't worth going to court for any damages under $20,000.

Re:interpreting the law

[robertjw]

I'm serious there has to be a point where this is filtered.

I wish you weren't. If you want to live in a communist dictatorship please move to China - don't make the U.S. one. Living in the 'land of the free' comes with some responsibilities. If you want the content filtered, filter it where the Internet comes in to your house, don't infringe on other's rights to download and view whatever they want to. Problem with a 'whole new slew of laws' is that the only way to enforce them results on infringments on individuals rights.

We would all be better off if people would start taking responsibility for their actions. I absolutely detest spyware and what it does to people's computers, but it is the individual's responsibility to take steps to ensure they don't infect their machines.

The court did not make a ruling... YET

[Shadowhawk]

RTFA! All it says is that the court denied a motion to dismiss the charge of trespass to chattel by the defendants. The whole thing still has to go to trial. While this is a hopeful sign, the judge may later decide against the idea.

REALLY dangerous precedent here

[theLOUDroom]

and this is an example of a court needing to use historical legal theories to grapple with new and previously unforeseen contexts in Cyberspace

No, this is an example of a really dangerous precedent.

What if, for example, I was to send you an email contained a corrupted file that crashed your system?
Is that tresspass too?
How the fuck do we know?

Part of the reason for having laws, it to have it clearly spelled out, what we can and cannot do within the bounds of the law.
Rulings like this are really dangerous because they throw the established legal meaning and inperpretations to the wind.

Computer crime laws exist and they are there for a reason. If they are not strong enough, that is a job for the legislature, not the judiciary.

Sure it's important to catch these jackasses, but it's not so important that we should forget why we have written laws in the first place. A person should be able to know very clearly what they can and cannot do.

Rulings like this are very dangerous, as the judge if effectively just making shit up and ruling by analogy.
Can they start charging people who call on the phone too? We don't know.
With judgment like this, you could be declared a criminal at any moment.
No matter what you do, with enough bad analogies and hyperbole, it could be compared with something illegal. Is that really what you want?

Re:REALLY dangerous precedent here

[theLOUDroom]

Well, when you send an email, you don't send it to the recipient's computer. You send it to their email account. The recipient downloads it to their PC, so they can't claim they never gave the file permission to download. Especially given that many mail programs allow you to block attachment downloads.

And when you vist that webpage you got the spyware from you deliberately chose to go there and download that information too.

See how muddled it gets?

You can say that because X happened or because Y happened it is or is not tresspass, but that isn't actually recorded anywhere in the law. See how dangerous that is?

We both think your logic is reasonable, but someone else could easily inperpret thing differently. We really don't know which way this judge would rule and I think that's pretty scary.

Re:Makes Sense to Me

[Feanturi]

Looks to me like the plaintiff was visiting sites that had spyware attached to them, he shouldn't have visited these sites

That reminds me of a help desk tech I was in a Y-jack with one day, telling a customer not to use a firewall because of the problems they cause. I muted him and asked, "Ok, so what if they run a program that is actually a trojan?" His response, "Well they shouldn't do that."

Great non-answer. How's the guy supposed to know which sites are safe and which aren't?

"No trespassing" signs are not a requirement

[WebCowboy]

...if it was it would be pretty ridiculous.

If I accidentally forget to lock the door of my residence when I have to leave to run a quick errand, and I return to unexpectedly find a stranger rummaging through my refrigerator it is criminal trespass. Said stranger need not enter by force or cause damage to be convicted of a crime, and I don't have to put a "no trespassing" sign on my front door to make it a crime. It is obviously a private domicile and "no trespassing" is implied.

Spyware is the electronic equivalent of the above. Providing explicit notification should only be required when a given property could easily be mistaken for public property--and the same applies to computers. Spyware vendors should expect that it is a certainty that their distribution methods will target computers that are "private property" and that they must clearly and explicitly ask permission to interfere with that property.

Re:"No trespassing" signs are not a requirement

[realbadjuju]

I believe the confusion about signs comes from requirements on property boundaries out west, places like Colorado where I used to live [tear].

If I'm remembering correctly if you don't have a "Private Property - No Trespassing" sign something link every 100 yards a person who is trespassing can't be arrested since it's basically impossible to tell private property from say BLM land. And just because there's a fence doesn't mean it's not public land. IANAL, but that's what I seem to recall

Though that's not to say that you can stay if some one tells you it's private property and asks you to leave. So it's more about explicitly stating that the land is private, not that trespassing is not allowed.

It might

[Sycraft-fu]

It might make spyware warn you, and remove itself when asked. That's all I ask of spyware, the same thing I ask of guests in my house. You have to ask my permission if you want in, and you have to leave the minute I tell you to get out, and not come back unless reinvited.

The problem I have with spyware is that so much of it is so slimey. It'll install itself and then put all sorts of trickey checks in to ensure it's not unloaded. It'll have a reinstaller in the services, and in the startup group, and in the "run" section, and add itself to the "run once" section each time it runs, and latch on to explorer and so on. Thus when you try to remove it, even with the help of spyware tools, it's often very difficult to get rid of. Also, spyware often opens backdoors to allow other spyware in. In the beginning you have one peice, then through no further interaction you have 10.

This is what needs to be illegal. The software needs to make it clear what it does, and it needs to uninstall, and stay uninstalled, upon request. If we can start prosecuting the sleeze that make programs that don't obey those simple rules, I'll be real happy. If you want to load up spyware on your system voluntairly, that's your business. I just get pissed when I get a service call to remove it, and it fights tooth and nail, or when a person installed one thing they wanted, and it invited 10 of it's friends they didn't.

Re:It might

[Kaenneth]

It probably helps if the Operating System kept better track of things that get installed, so that it can remove entire sets of programs together.

No dammit!

[Sycraft-fu]

The last thing we need are millions of little laws governing every damn thing! We've already gone way too far in that direction. The law is supposed to be something everyone obeys. Well a prerequisite of that would be it has to be something everyone understands. You can't obey that which you don't understand. Also our laws are supposed to be somewhat rooted in common sense. When you get down to it, most of our most important laws are just formal codifications of basic kindergarden manners: Don't take stuff that isn't yours, don't hurt other people, don't lie, etc.

Real and virtual property are basically the same when it comes to access rights, and what most people would find acceptable. If something is open to the public and inviting, like a store front or a public website on port 80, clearly it's an invitation to all to come on in. You only have to stay out if the owner explicitly forbids you access. If something is locked up, like a private residence or a passworded SSH server, it's clearly a message that you need to obtain permission first to come in, otherwise stay out. Likewise, regardless of permission, you aren't allowed to destroy anything.

Basic property law really can be very well applied to virtual property, in such a way that I think everyone would understand it and most resonable people would agree it's a good set of rules. We don't need a whole new set of complecated laws for it.

Re:Makes Sense to Me

[MurphyZero]

You are correct that the best solution is for the end user to be smart. However, just because you shouldn't have twenty dollars bills taped to your suit when you go walking down an urban street, doesn't mean that the law shouldn't punish the crook who will rob you. Society and civil behavior exists because we try to prove Darwin wrong by helping the morons survive and smacking down the predatory.

Re:Demand nothing less than software freedom.

[bedroll]

What you think are reasonable minimum standards are so easily worked around in licensing.

Where as what he suggests may be a little simplistic and utopian, I think that your criticism doesn't really negate his suggestions.

Licenses are just contracts and, at least in the US, there are some laws limiting contracts. Specifically, contracts can be deamed unenforceable if they are proven to be unreasonable. I'm sure that a good lawyer with a bit of luck could invalidate a contract stating that you give over your computer to be used however a software publisher wants at the click of a button. The problem is finding a martyr to represent the people in that battle. Then again, if such a law were in place it would only take one class-action lawsuit to scare most spyware makers out of the country.

If you want to poke holes in his utopia then you should point out that not everyone lives in America, so a law like that would only be so effective. The same way that the laws against spam have done nothing. It won't protect computers outside of this country, and it won't affect software publishers outside of this country.

I believe that the best way to fight this would be to make a law similar to those pertaining to receiving stolen goods. In other words, make it a criminal act to profit off of these things. The problem is to narrowly define what spyware is, and head off the licensing issues before an expensive court case. I'm not sure that our current set of lawmakers is intelligent enough to form a law that doesn't significantly increase the liability for most legitimate software publishers.

Re:YEA

[Jessta]

Nah, spyware can be written for any platform.
All it takes is an idiot users to install it.