Nmap Announce mailing list archives
Re: Draft Convention on Cybercrime
From: Bart van Leeuwen <bart () ixori demon nl>
Date: Sat, 3 Jun 2000 20:15:20 +0200 (CEST)
I'm not a lawyer either...but...it reads pretty clear to me.
Well.. Part of the document is quite clear, but another part is not: What constitutes a crime in cyberspace is defined by the draft, but the draft fails to define what constitutes 'having a right to connect'. On the internet such a right is often implicit, i.e., you do not specifically grant someone the right to connect to your smtp server to deliver mail, but because you participate in mail exchange and that would be impossible without others being able to deliver mail to you, it is imho unrealistic to see that as an illegal connection if you didn't grant explicit permission. It is rather important how the council understands this, and the draft does not make that clear imho.

My take is that by connecting to the internet I grant others implicit rights to communicate, and as such, connect to my system. That says nothing about attempting to abuse my system; that is a different matter, and the draft imho fails to make that distinction at all.

However, looking at reality, I think my interpretation of this is likely to be closer to the intentions of the council and the draft than the imho over-paranoid response that this means that any tool that allows for connecting to another computer is banned.

Also, the draft uses words like primary, specifically, particularly. Is nmap specifically made to break into computers? Or particularly? Or primarily? Well... it provides information that can be useful when attempting to break into a computer; that's however not the same as breaking into computers being the primary purpose of nmap.

So regardless of the fact that an important definition is not very clear, which makes imho the entire document flawed, the part that directly deals with such tools as nmap is clear about the fact that it has to be the primary purpose of the tool. I fail to see how that can be applied to nmap.
This implies that distributing nmap does not constitute distributing a device whose primary purpose is to perform a crime in cyberspace, nor does creating nmap constitute such a crime. If nmap would do things like automatically breaking passwords etc. the line might become too thin... but for now imho nmap stays clearly on the legal side of the line if this draft is to become law in many places.

Anyway, I can see how using nmap for certain things is illegal according to the draft, but making and distributing it? I kinda doubt it.

Will scanning a host with nmap be illegal unless you got explicit permission to do so? That depends on how 'having the right to connect' is interpreted. In my interpretation you do have that right, but only when you do this for legal purposes.

Anyway.. it's nice to discuss, but part of the document is too unclear imho to have it make much sense ;-)

Bart van Leeuwen
-----------------------------------------------------------
mailto:bart () ixori demon nl - http://www.ixori.demon.nl/
-----------------------------------------------------------

On Sat, 3 Jun 2000, Mike Black wrote:
I'm not a lawyer either...but...it reads pretty clear to me. All of us that use nmap would NOT be in trouble...only the author, the web/ftp site and possibly this mailing list.

Quote:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;

The above offense and the definition below would say that making nmap and putting it on a website for download would fit under the definition of "dolus eventualis" -- also known in Homer Simpson terms as "Doh!". There's no way that an author or web/ftp site could say "well gee, we didn't think it would be used for bad purposes". It's only a little bit of a stretch to say that a mailing list is a "piece of software" that educates users how to do bad things (note -- I'm not talking about majordomo here...but the specific mailing list). Hacker websites would most certainly be targeted.

(6) In the understanding of certain members of the Drafting Group, "intent" may also cover "dolus eventualis". For common law countries, this notion would be similar to "recklessness", i.e. that a person is aware of the high risk that a certain result may occur and knowingly accepts it. The Drafting Group agreed that the interpretation of "intent" should be left to national laws, but it should not, where possible, exclude "dolus eventualis".

----- Original Message -----
From: "Bart van Leeuwen" <bart () ixori demon nl>
To: "Matt Marnell" <coldfuzion () coldfuzion net>; <nmap-hackers () insecure org>
Sent: Friday, June 02, 2000 6:38 PM
Subject: Re: Draft Convention on Cybercrime

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).