PCs Posted No Trespass

FreeLinux writes "USA Today has a story about a federal court ruling stating that Spyware can constitute illegal trespass. From the article: 'A federal trial court in Chicago has ruled recently that the ancient legal doctrine of trespass to chattels (meaning trespass to personal property) applies to the interference caused to home computers by spyware. Information technology has advanced at warp speed with the law struggling to keep up, and this is an example of a court needing to use historical legal theories to grapple with new and previously unforeseen contexts in Cyberspace.'"

Good, I'm gettin' mah gun

[millisa]

Had thet dang sahn posted out yahnuh fer years now. I do b'lieve it states clearly ah am hav'n theh ra'ht t' shoot 'em.

Re:Good, I'm gettin' mah gun

[Loc_Dawg]

...it's funny but also true. If people would ARM themselves with knowledge and caution, there would less trespassing to begin with.

Re:Good, I'm gettin' mah gun

[nutshell42]

"My HD is my castle," or
"~/, sweet ~/"

Re:Good, I'm gettin' mah gun

[Tackhead]

> ...it's funny but also true. If people would ARM themselves with knowledge and caution, there would less trespassing to begin with.

In other words, people break into your box at their own RISC?

Re:Good, I'm gettin' mah gun

[fred+fleenblat]

> ...it's funny but also true. If people would ARM themselves with knowledge and caution, there would less trespassing to begin with.

In other words, people break into your box at their own RISC?

Like we haven't hear that joke 80386 times before...

Re:Good, I'm gettin' mah gun

[Dolda2000]

In other words, people break into your box at their own RISC?

Yeah. If they discover you, Sparcs may fly.

Re:Good, I'm gettin' mah gun

[silvaran]

Come on folks, let's not SPARC a flamewar here.

Re:Good, I'm gettin' mah gun

[plover]

Oh, CISC my ASCII.

Re:Good, I'm gettin' mah gun

[MAdMaxOr]

That joke was a megaflop.

Not gonna change a goddamned thing.

[Caspian]

There will still be spyware, even if it's ruled that you can't 'trespass' on peoples' PCs without their knowledge. All that will change is that they will bury some legalistic bullshit which translates roughly to 'by installing MySuperScreensaverz.com on your computer, you give us permission to pwn your box and fling shitloads of pop-ups at you' five pages deep into the EULAs for all spyware-containing software.

I strongly suspect that this has, in fact, already happened in many (most?) cases.

Re:Not gonna change a goddamned thing.

[Kadin2048]

Well the nice thing about this case, is that the judge didn't invent any new laws for this case. He just took a very old law, and applied it to the (IMO rather obvious) situation before him. As judges should.

Frankly, if we had more judges doing things like this, we probably wouldn't have to have nearly as many halfassed, more-harm-than-good, kneejerk reaction laws passed by politicians who are being hammered at by their constituents to "do something!"

Although you have a very valid point about users being stupid if they allow spyware to be installed on their machine, I think everyone pretty much understands that some of what spyware does is wrong and ought to be unlawful: in particular making itself hard or impossible to remove, or once installed doing things other than what it says it was going to, do or installing other programs without your consent.

You don't need to have a law for every particular thing that a person can possibly do wrong to another; there are a certain number of general principles that I think most people in a civilized society can accept (or will accept, if you want to keep living here), and one of them is that you shouldn't make someone else's property less valuable to them without their consent. And that consent is no good if the defendant lied about what they were going to do to the property. To use your analogy, it's as if you let someone in your house thinking they were a plumber and here to fix your toilet, but instead they sat around in your living room and watched TV for a while so you couldn't use it, and refused to leave when you asked. Sure, you let them in, but only because they presented themselves under false pretenses.

But my biggest issue here is that spyware is a situation, at least in its more extreme forms, which is plainly obvious to the average person as something that ought to be illegal. Generally when you have a situation like that, you don't (and shouldn't) need to have a particular law for the case. Certainly there are ways in which computers and the virtual world of the internet differ so fundamentally from the physical world that the same laws shouldn't apply. But those cases are more rare than you might think, and in hesitating to apply the few thousand years of common law (and common sense) that we've acquired as a civilization from the past to computers we've allowed a lot of dishonest people to create a lot of aggravation and damage to others, doing things that would be illegal if they weren't being done through a computer. I'm glad that this judge, whoever he is, has wised up to this fact and is putting some of that established wisdom to work here.

Re:Not gonna change a goddamned thing.

[NMerriam]

No, but it does have an effect on the company's assets and any business it conducts with companies in the USA. Spyware is usually for advertising of some sort -- advertising to customers in the USA isn't very effective if you can only advertise foreign companies with no offices in the USA, and your own company can never conduct contracts or maintain assets in the USA.

The Feds Have Taken The First Step

[geomon]

When prosecuting a case of trespass, the owner must often demarcate their property with signs indicating that it is private property and trespass is not allowed. This isn't true for all jurisdictions, but the feds generally treat their networks and individual machines in such a manner. All of the ones I've worked on are required to post a warning that they are government property and that unauthorized access is considered criminal trespass.

Re:The Feds Have Taken The First Step

[Tackhead]

> When prosecuting a case of trespass, the owner must often demarcate their property with signs indicating that it is private property and trespass is not allowed.

$ telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'
220 127.0.0.1 ESMTP Sendmail 8.13.37/8.00.8.135
214 Don't even think about attempting to relay spam through here, n00b. Tresspassers will be pwn3d.

Re:The Feds Have Taken The First Step

[MichaelSmith]

All of the ones I've worked on are required to post a warning that they are government property and that unauthorized access is considered criminal trespass.

At a site where I once worked we had to change our login message from "Welcome to $machine" to "Unauthorized access prohibited" because "welcome" was considered a statement that unauthorized access was permitted.

Trespass!? How about Break and Enter?

[DigitalJeremy]

Seriously though, it's refreshing to learn the courts are looking at it, and at least TRYING to make spyware fit into the legal system somewhere.

If I've ever said "there oughta be a law", here is where it most certainly applies.

Makes Sense to Me

[Trip+Ericson]

But how much spyware is installed by the user unknowingly, via misleading dialog boxes or other methods in which the user is fooled into installing it? I somehow doubt that would fall under the trespassing rule, due to being allowed in, no matter how sleazy the entry. I can understand those that are installed without the consent of the user through security holes, but those are a minority of the cases. The overwhelming majority gets in through the user inadvertantly allowing it in.

Re:Makes Sense to Me

[Fiver-]

From TFA:

"One of the defendants supposedly has an end user license agreement pursuant to which computer users are to be informed that spyware will be installed. However, the plaintiff alleged that that defendant has three means by which to avoid showing this agreement to computer users."

Re:Makes Sense to Me

[robertjw]

But how much spyware is installed by the user unknowingly, via misleading dialog boxes or other methods in which the user is fooled into installing it?

Exactly, where will this end. If spyware is trespass how about all the advertisements or demo software that is routinely installed with commercial applications.

From TFA the defendants caused spyware to be downloaded onto his computer.

It would be interesting to know how exactly the defendants 'caused spyware to be downloaded'. Looks to me like the plaintiff was visiting sites that had spyware attached to them, he shouldn't have visited these sites if he didn't want spyware installed. That's what I do. It's like he had a party and his guests brought some friends. Now he wants to charge his guest's friends with tresspassing. Would make more sense to be careful who you invited to start with.

Re:Makes Sense to Me

[Feanturi]

Looks to me like the plaintiff was visiting sites that had spyware attached to them, he shouldn't have visited these sites

That reminds me of a help desk tech I was in a Y-jack with one day, telling a customer not to use a firewall because of the problems they cause. I muted him and asked, "Ok, so what if they run a program that is actually a trojan?" His response, "Well they shouldn't do that."

Great non-answer. How's the guy supposed to know which sites are safe and which aren't?

King Tut's Abacus

[HermanAB]

Obviously, if someone would install broken beads on my abacus without my permission, I would be rather miffed and would have no difficulty getting relief in court. The same thing applies to PCs. However, it simply isn't worth going to court for any damages under $20,000.

in case you don't rtfa

[ecklesweb]

the court didn't rule the case in the plaintiff's favor. The court just denied a motion to dismiss the complaint. I'd say that there's still a way to go before any precedent is set.

Re:YEA

[muszek]

What is spyware? Is it this kind of software that I need Wine to run?

The court did not make a ruling... YET

[Shadowhawk]

RTFA! All it says is that the court denied a motion to dismiss the charge of trespass to chattel by the defendants. The whole thing still has to go to trial. While this is a hopeful sign, the judge may later decide against the idea.

Posted: Private Lan. No hunting. No Phishing.

[millisa]

No SNMP Trapping.
Violators will be prosecuted to the full extent of the law.

"No trespassing" signs are not a requirement

[WebCowboy]

...if it was it would be pretty ridiculous.

If I accidentally forget to lock the door of my residence when I have to leave to run a quick errand, and I return to unexpectedly find a stranger rummaging through my refrigerator it is criminal trespass. Said stranger need not enter by force or cause damage to be convicted of a crime, and I don't have to put a "no trespassing" sign on my front door to make it a crime. It is obviously a private domicile and "no trespassing" is implied.

Spyware is the electronic equivalent of the above. Providing explicit notification should only be required when a given property could easily be mistaken for public property--and the same applies to computers. Spyware vendors should expect that it is a certainty that their distribution methods will target computers that are "private property" and that they must clearly and explicitly ask permission to interfere with that property.

It might

[Sycraft-fu]

It might make spyware warn you, and remove itself when asked. That's all I ask of spyware, the same thing I ask of guests in my house. You have to ask my permission if you want in, and you have to leave the minute I tell you to get out, and not come back unless reinvited.

The problem I have with spyware is that so much of it is so slimey. It'll install itself and then put all sorts of trickey checks in to ensure it's not unloaded. It'll have a reinstaller in the services, and in the startup group, and in the "run" section, and add itself to the "run once" section each time it runs, and latch on to explorer and so on. Thus when you try to remove it, even with the help of spyware tools, it's often very difficult to get rid of. Also, spyware often opens backdoors to allow other spyware in. In the beginning you have one peice, then through no further interaction you have 10.

This is what needs to be illegal. The software needs to make it clear what it does, and it needs to uninstall, and stay uninstalled, upon request. If we can start prosecuting the sleeze that make programs that don't obey those simple rules, I'll be real happy. If you want to load up spyware on your system voluntairly, that's your business. I just get pissed when I get a service call to remove it, and it fights tooth and nail, or when a person installed one thing they wanted, and it invited 10 of it's friends they didn't.

No dammit!

[Sycraft-fu]

The last thing we need are millions of little laws governing every damn thing! We've already gone way too far in that direction. The law is supposed to be something everyone obeys. Well a prerequisite of that would be it has to be something everyone understands. You can't obey that which you don't understand. Also our laws are supposed to be somewhat rooted in common sense. When you get down to it, most of our most important laws are just formal codifications of basic kindergarden manners: Don't take stuff that isn't yours, don't hurt other people, don't lie, etc.

Real and virtual property are basically the same when it comes to access rights, and what most people would find acceptable. If something is open to the public and inviting, like a store front or a public website on port 80, clearly it's an invitation to all to come on in. You only have to stay out if the owner explicitly forbids you access. If something is locked up, like a private residence or a passworded SSH server, it's clearly a message that you need to obtain permission first to come in, otherwise stay out. Likewise, regardless of permission, you aren't allowed to destroy anything.

Basic property law really can be very well applied to virtual property, in such a way that I think everyone would understand it and most resonable people would agree it's a good set of rules. We don't need a whole new set of complecated laws for it.