Nmap Announce mailing list archives
RE: publicly available resources and the law
From: "rain.forest.puppy" <rfpuppy () iname com>
Date: Tue, 23 Feb 1999 22:02:41 -0600 (CST)
This is a pretty interesting topic, so I just wanted to share some info I found RE: computer crime laws in Illinois, US: "Access" is defined as means to use, instruct, communicate with, store data in, retrieve or intercept data from, or otherwise utilize any services of a computer. (I think portscanning would fall in that) COMPUTER TAMPERING: A person commits the offense of computer tampering when he knowingly and without authorization of a computer's owner, or in excess of the authority granted to him, when he accesses or causes to be accessed a computer or any part thereof, or a program or data (and possibly obtains data or services). (There's also a mention of "accesses and alters computer program or data"...if you have a good prosecutor perhaps just the fact that the logs are altered (appended) could fall under this) (Now, of course, there's the issue of owner's authorization...but notice the clause 'in excess of the authority granted to him'. I like to believe use of of a SMTP service *NOT* defined as an MX entry and the use of a DNS service *NOT* listed as a NS in DNS is unauthorized--however, web services are a little more fuzzy...http://www.domain.com is an authorized webservice? What about http://domain.com? Or http://www1.domain.com? Perhaps 'authorization', as stated above, could mean by suppling authorization...if you don't need to supply authorization (web), does that imply authorization by owner? does anyone know of any precedence on this?) PENALTY OF COMPUTER TAMPERING: -Class B misdemeanor for just accessing. -Class A misdemeanor (1st)/ Class 4 felony (2nd+) for accessing and obtaining data. -Class 4 felony (1st)/ Class 3 felony (2nd+) for deleting/altering data, any physical or logical (<-programs) damage, or running any type of 'program' (set of instructions....including shell commands like 'ls', etc) -------------------------------------------------------------------- Now, from what nmap does, I'd consider it just accessing without obtaining data, and would peg it as a class B misdemeanor. Perhaps the fact that banners are sent by the system might upgrade it to class A misdemeanor. And of course, penalites differ per state. This is (old?) info from www.eff.org, found at: www.eff.org/pub/Legal/comp_crime_us_state.laws Cheers, .rain.forest.puppy.
Current thread:
- RE: publicly available resources and the law, (continued)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Lamont Granquist (Feb 23)
- RE: legality of port-mapping Dragos Ruiu (Feb 23)
- RE: legality of port-mapping Lamont Granquist (Feb 24)
- Re: publicly available resources and the law Daemor (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law rain.forest.puppy (Feb 23)
- Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Ken Williams (Feb 24)
- Re: publicly available resources and the law Fyodor (Feb 24)
- Re: publicly available resources and the law Jesse Whyte (Feb 25)
- Re: publicly available resources and the law David Dennis (Feb 25)
- publicly available resources and the law System Administrator (Feb 25)
- Re: publicly available resources and the law vik bajaj (Feb 25)