Full Disclosure mailing list archives
Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: "Michael Krymson" <krymson () gmail com>
Date: Fri, 3 Oct 2008 15:18:52 -0500
Sorry, I fail at email and at first didn't send it to FD, and when I thought I had, I munged the address. Go me! I'll see how badly I can bungle this up further by pulling this back to FD. Is it ok if I leave the post intact at the bottom? :) I just wanted to let you know I know a tiny bit how the American system works (I live here). "Beyond reasonable doubt" is typically a murder trial thing. But reasonable doubt in general is typical when interpreting and applying laws. It's just when one uses that "beyond reasonable doubt" that it evokes murdermurdermurder thoughts. What a reasonable person believs is a lot different than saying there is no doubt about something. In one case you're trying to prove guilt as much as possible, in the other you're just trying to apply common sense. I'd stick by my saying entertain a blank password is like testing a door and finding it unlocked, or that is accepts my key that I just happened to have in my pocket. Just because it works does not imply I'm welcome. I would say that a reasonable person would understand that. Thanks for the response, by the way, despite my fails. On Wed, Oct 1, 2008 at 10:26 AM, Eliah Kagan <degeneracypressure () gmail com>wrote:
I suppose I shouldn't post this to FD, as you have not done so. Very well. Please feel free to post your reply to FD if you wish, so long as you include my entire post unedited, at the top. (Of course I cannot legally constrain you from doing it any other way--all this is a matter of etiquette.) I may not wish to continue this for too long if others will be unable to read our arguments, but that's OK. Michael Krymson wrote:If I reach my hand out to the door, I can feel the knob. I attempt toturnit, and it yields to my movement. In turning the knob, the door acceptsmyinteraction, pulls the bolt out of the frame, swings upon well-oiledhingeswith nary a complaint and allows me to enter. Am I doing somethingillegal(oh say, trespassing)? It would seem to me that the door is allowing metoenter, in fact, nearly welcoming the action. For the troll, I would switch this up to say this is a public buildingafterhours. Someone leaves the door unlocked. Is this "public domain" as he is wont to throw around (without demonstrating any understanding of theterm)? So we have my analogy and your analogy. Which is right? Actually I don't think you've found the problem with my analogy. My analogy corresponds far better than yours, because when you open an unlocked door, the door is not an active participant. Whereas when you connect to a server, the server has to actually *do* something. The problem with my analogy, which may or may not be fatal to it, is that for a client to send FIN ACK and then continue to send TCP datagrams is clearly not illegal, though according to my analogy that would correspond to saying "I'm leaving your house now," and staying. And for a host to totally the RST flag is also not illegal (and rather useful sometimes: http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf), though for the client to do that would correspond to ignoring "GTFO of my house!" My analogy would actually render illegal, actions that are clearly legal and perhaps even harmless and useful. But it's still food for thought. Is accessing a server really like entering a structure on somebody's property? What are the limitations of that analogy? It may be a useful analogy, but you need to justify it if you're going to convict someone on the basis of it.Is that a totally wrong analogy? Maybe. If it is, are we be sure it is a wrong analogy, BEYOND REASONABLE DOUBT?This isn't a murder trial. You don't need emotionally charged terms. :)You may be unfamiliar with how the American legal system works. We use the reasonable doubt standard in all criminal proceedings, not just murder proceedings. The good news is that if you didn't know that and were on an American jury, the judge would tell you as part of his or her instructions to the jury. Can you imaging the judge talking about "beyond a reasonable doubt" in any criminal proceeding (e.g. jaywalking) and a juror telling the judge not to use emotionally charged terms!? That term is emotionally charged because people in the US (at least used to) believe in the rights of the accused. Oh, I can censor my language so as not to invoke people's commitment to justice? No thanks. I'll stick with the legally correct and emotionally charged terms.Really, we can use the term 'reasonable' for issues like this.Would an average reasonable person think that accessing a government computersystembecause it had a blank password in a login prompt that he normally wouldnotknow the account information for, is a bad thing? Possibly illegal?The question is not if a reasonable person could think the act was illegal. The question is if any reasonable and informed person, in light of the arguments and evidence presented in the trial (which has not yet happened), could think the act was *not* illegal. If any such person could come to that conclusion, and the jury realizes that **even if the jury doesn't itself come to that conclusion**, then the jury is required to acquit. This is the reasonable doubt standard.We can argue semantics all day,Semantic arguments are extremely important in a court, so there is no reason for us not to discuss them.but in many situations, it is the spirit of the law and what a reasonable person concludes, that is key.With what extraordinary evidence (as Carl Sagan would say) do you support that extraordinary claim? In no remotely civilized nation is it possible to convict someone in a criminal proceeding on the basis of the "spirit" of the law! Imagine that--"sir, you're technically innocent, but we're going to jail you anyway because it would really make sense if what you did had been illegal." Let's clarify something. The criminal allegation is computer fraud, right? The question is then whether or not obtaining access by entering a blank password in a password prompt is *fraudulent*. -Eliah
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US mcwidget (Oct 01)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Oct 01)
- <Possible follow-ups>
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Oct 01)
- Message not available
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Oct 05)