Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco IOS Shellcode Presentation

From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 02 Aug 2005 10:44:30 -0400
Michael Holstein wrote:
You bet! .. as it pertains to anything past their demarc at their properties, they're entirely free to log and review every packet that comes/goes.
That means they can legally review your IM chats, go back and read your email from a month ago, whatever ...
The legal precedent for this is essentially "He who onws the network, owns the data" (with respect to an employee/employeer relationship). It's a bit different for commercial ISPs. 



(Disclaimer: I'm not a lawyer....)
Actually, it's even a bit more complicated than that. Technically, you could copyright every e-mail sent to this list. As long as you state that it is copyright to your legal name, it is, in fact, copyrighted. Of course, in the case that you send that e-mail to a public mailing list that you know is archived, it can clearly be argued that your work was intended to be distributed with license implied for all. However, that doesn't remove ownership and limited monopoly.
It's not just that they're commercial ISPs versus private networks... what also matters is who's writing the material and what function they're serving when they write that material. If you're working at XYZ Corp and you send out an e-mail, depending on your business arangement that e-mail is probably copyrighted to XYZ Corp by default since you're acting as an agent of XYZ Corp. What makes it possible for us to examine any data which comes in contact with our networks is, essentially, fair use. If someone transmits a copy of MS Windows XP across my network, do I own the packets that make it up? Of course not... if that were true it would be possible to circumvent every copyright out there. However, since that data was transmitted across my network, it's fair use for me to analyze it as it resides on my property. This is particularly true if transmission was not instigated by the one doing the monitoring.
Sure, the company may own the databases that any packet captures may be on... but the content in those packet captures may still carry copyright requirements with it, depending on what it is and how constructable the data is. Non-solicited transfer may be considered providing a limited license...
What happens in the event that mass numbers of copyrighted data including packets get misrouted? I have no idea. :)
In either case, boiler plate restriction statements on e-mail sent to mailing lists is silly because it is almost definately unenforcable. 

               -Barry


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: