Nmap Announce mailing list archives

Re: publicly available resources and the law

From: vbajaj () sas upenn edu (vik bajaj)
Date: Thu, 25 Feb 1999 18:33:34 -0500 (EST)

why is snooping a net application or host considered by some to be a
higher threat to anything, and why would we want the laws to be more
severe than they are (not) for the examples above ?


I really think that Fyodor's post on this issue was more or less 
definitive.  My experience in investigations have really ended in the 
same conclusions.  They fall into:

1. Interaction between Federal, State, Local and institutional laws and 
   regulations.

2. Civil actions.

3. Willingness and ability of law enforcement to investigate and gather
   evidence.

4. Willingness of the U.S. Attorney to prosecute the typical offence, 
   given the severity of the atypical one, or willingness of the local
   DA to take action.

5. Nature of the evidence and audit trail in an attack.  In particular, 
   its admissability under Federal rules of evidence or others (see (1)).

As has been pointed out, item (1) is filtered through the offices of 2-5
before any initial action is taken.  Analogies are neither productive nor
important in this discussion, unless you are a lawyer. Indeed, let's keep
in mind that, in addition to port scanning, oral sex is still not legal in
some states. 

The bottom line, in both cases, is that you probably won't be prosecuted. 
You might be, but probably not (unless you're the President).  Fyodor's
advice relates to the civil domain:  namely, know your own intent, and
don't engage in such activity using resources whose loss you cannot
suffer. 

I would be happy to discuss 2-5, because I just finished some research in 
those areas for an institutional client.  However, I really think that 
I'm not unjustified in assuming that none of us are going to add anything 
new to the discussion about the legislation and its interpretation.

For this reason, if anyone is interested, I have created a mailing
list.  Just email net-legal-subscribe () security unplug org 
(cpu1894.adsl.bellglobal.com - there are DNS problems) and follow the 
instructions.  I'm sure that there are other lists/newsgroups for this 
purpose, but at least we can keep the immediate noise on this list down.

Truly,

Vik

Current thread:

RE: publicly available resources and the law, (continued)
- - - RE: publicly available resources and the law rain.forest.puppy (Feb 23)
    - Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
  - Re: publicly available resources and the law Bennett Todd (Feb 23)
  - Re: publicly available resources and the law Ken Williams (Feb 24)
    - Re: publicly available resources and the law Fyodor (Feb 24)
    - Re: publicly available resources and the law Jesse Whyte (Feb 25)
    - Re: publicly available resources and the law David Dennis (Feb 25)
    - publicly available resources and the law System Administrator (Feb 25)
    - Re: publicly available resources and the law vik bajaj (Feb 25)
- RE: publicly available resources and the law Benjamin Smee (Feb 23)
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law ark (Feb 25)
- RE: publicly available resources and the law Dion Stempfley (Feb 26)
  - Re: publicly available resources and the law Bennett Todd (Feb 26)