Security Basics mailing list archives
Botmasters/Victims and DMCA
From: Viva Colombia <vivacolombia2005 () gmail com>
Date: Wed, 16 Sep 2009 15:01:33 -0400
Regarding what Shailesh kindly replied, I believe I must note here that in civil law countries (as opposite to case law countries such as the US), the owner of a computer that has been compromised in a botnet might be held liable for the damages that his lack of diligence or his negligence (that are two different concepts) cause to third parties when it results in him not securing his machine as others in his same circumstances would have reasonably done so: if that person is a "pater familias" (a home user) then he should protect his home computer in the same way a caring father would, in order to truly protect the privacy of those he loves the most and to protect his other valuable assets, such as his financial information and the like. And, if that person was any one of you, security experts, then he would have had to secure his computer according to widely accepted standards of security. That person could theoricaly, at least, be bound to repay third parties affected due to the activities conducted through his/her computer thanks to his/her lack of diligence or negligence. It would not be a crime thus this person would not be prosecuted. It would be a civil matter. The case I'm pointing out here is one in which the botmaster is accused of piracy committed through the botnet, among other crimes; and theoricaly imagining if it would be possible to try legal action against any person if, for example, it was one of you who did not secure its network appropriately, according to widely accepted standards (or according to your employer's policies, if given). So far, I think I can conclude that the botmaster could indeed be taken for a service provider; still it would be funny to think of a botmaster fulfiling the requirements service providers must comply with in order to be eligible to the safe harbor provisions within the DMCA. But this is a good starting point for other theorical scenarios. And with regards to the victim, as soon as I find an answer or further develop my conclusions I'd let you know! If there are any further opinions I'd be more than glad to receive them... :) On Tue, Sep 15, 2009 at 9:15 PM, Lane Christiansen <lanec42 () gmail com> wrote:
On Tuesday 15 September 2009 10:09:40 am Viva Colombia wrote:Hi all, my question (for a legal paper that I'm writing) is whether a botmaster and a person whose computer has been recruited in a botnet can be considered as service providers, according to the broader definition of service provider provided by 17 USCĀ§512(k)(A-B). I've found court decisions and some opinions, but none refer to botmasters, they would only allow me to conclude that if theirs is an IRC botnet and they provide, for example, chatting services through their command & control bots, then they would indeed be service providers as per the DMCA; but I found nothing related to whether peers in P2P botnets or networks can be taken as service providers, bearing in mind that they are used as storing devices and communications or transmittal nodes. I'm trying to analyze whether they could be held liable for violations of the Copyright Act when said violations take place through and thanks to the botnets and thanks to the negligence of the owner of the infected machine (who did not protect it appropriately), and if they two could successfully use the safe harbor provisions on their behalf. I hope I'm not too confusing... Thx!I can't comment on this (IANAL), but I'd be very interested in reading your paper - it'd be awesome if you could post it here when you're finished!
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Botmasters/Victims and DMCA Viva Colombia (Sep 15)
- Re: Botmasters/Victims and DMCA Lane Christiansen (Sep 16)
- RE: Botmasters/Victims and DMCA Ian Bradshaw (Sep 17)
- Message not available
- Botmasters/Victims and DMCA Viva Colombia (Sep 17)
- Message not available
- Re: Botmasters/Victims and DMCA Viva Colombia (Sep 23)
- Re: Botmasters/Victims and DMCA Lane Christiansen (Sep 16)