tag:blogger.com,1999:blog-13756280.post3246604455389032687..comments2024-02-08T03:44:23.780-08:00Comments on Jeremiah Grossman: You could be a felon if you've done any of the followingJeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-13756280.post-32582980987179309512008-05-30T05:36:00.000-07:002008-05-30T05:36:00.000-07:00Jeremiah, you're right that precedence (i.e. "case...Jeremiah, you're right that precedence (i.e. "case law") drives interpretation in absense of - and sometimes in presence of - good statutory law. All I'm saying is that the power of case law rests with the courts and not with the prosecutors. And we're talking about the Ninth Circuit here, so I wouldn't worry about it yet.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-33643484884244760902008-05-29T15:15:00.000-07:002008-05-29T15:15:00.000-07:00This is so scary - I think everyone should keep a ...This is so scary - I think everyone should keep a close eye on it. For anyone that thinks this is alarmist, you're just retarded. Gary McGraw talked about the legal uselessness of EULAs at OWASP Belgium regarding WoW hackers, but maybe TOS is different.<BR/><BR/>I also think that some of the top people in our space should volunteer their services as expert witnesses pro-bono.Arshan Dabirsiaghihttps://www.blogger.com/profile/17228728745073712711noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-25961591441900424712008-05-29T14:09:00.000-07:002008-05-29T14:09:00.000-07:00@Cyberlocksmith, If I have my facts straight, I do...@Cyberlocksmith, If I have my facts straight, I don't think Lori Drew is accused of having intentionally tried to get the teen to commit suicide.<BR/><BR/>@Anonymous1, you know this is a security blog right? I mean, we're paid to be paranoid here. And perhaps Im not up to speed on how the law works, but they are rarely changed, more often precedence drives the current interpretation.Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-16932433697496879172008-05-29T13:28:00.000-07:002008-05-29T13:28:00.000-07:00I don't think there is such a thing as a "positive...I don't think there is such a thing as a "positive example of creative prosecution."<BR/><BR/>Laws should be understandable and easily followed. We shouldn't have to worry about some prosecutor getting creative on us.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-88137505741276774102008-05-29T12:25:00.000-07:002008-05-29T12:25:00.000-07:00Geez, worry much?I think this is actually a positi...Geez, worry much?<BR/><BR/>I think this is actually a positive example of creative prosecution. Why don't we let the courts decide if 18 USC 1030 applies to the Drew case? If not, we should urge our lawmakers to revamp or replace 1030, which is over two decades old.<BR/><BR/>The fact is, prosecutors don't set precident. Courts do. Let it play out.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-36510829575445748242008-05-29T12:01:00.000-07:002008-05-29T12:01:00.000-07:00I agree Jeremiah that this is troubling in so many...I agree Jeremiah that this is troubling in so many ways.<BR/><BR/>That said, I am conflicted over the issue. If it can be proven that the intent of the accused was to influence the teen into committing suicide then punishment may be warranted. In the end, the teen *allowed* herself to be influenced by the MySpace posts which saddens me. Given more details about the case, I *may* be inclined to offer the prosecutor whatever 'juice' s/he needed to do their job.<BR/><BR/>On the other hand, from a purely defensive and perhaps paranoid infosec perspective, I also fear the repercussions of this. When an online form asks for my phone number in order to d/l a white paper or something, will I be breaking the law if I enter an invalid number?<BR/><BR/>On balance, I agree with you that this *could* be a dangerous precedent but I am not sure there are any easy answers here.Cyberlocksmithhttps://www.blogger.com/profile/13175100431415426778noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-22883792701024845192008-05-28T20:59:00.000-07:002008-05-28T20:59:00.000-07:00Thanks Jeremiah - yet another case where the gover...Thanks Jeremiah - yet another case where the government's inability to cope with technology advancements and "cybercrime" creates a situation where a mis-understood system is thrown into a "we need to fix the web with 1920's law!" tizzy. As long as we have government officials and Congressmen/women who believe the "Internet" is a series of tubes we're screwed.<BR/><BR/>Oh, and the obligatory link to Bruce's site is just... *gah*Rafal Loshttps://www.blogger.com/profile/18106347834259269413noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-63838193954381317622008-05-28T13:55:00.000-07:002008-05-28T13:55:00.000-07:00Ok, I'll pimp my own blog post on this subject gen...Ok, I'll pimp my own blog post on this subject generally since I'm that kind of guy.<BR/><BR/>http://securityretentive.blogspot.com/2008/01/mark-rasch-puts-me-to-shame.html<BR/><BR/>The real information though can be found in Mark Rasch's original piece on securityfocus, which I link to, but I'll include here so you don't have to give me traffic.<BR/><BR/>http://www.securityfocus.com/columnists/463Andy Steingrueblhttps://www.blogger.com/profile/07177656204885181542noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-18292140832506284472008-05-28T13:18:00.000-07:002008-05-28T13:18:00.000-07:00Lawyer Orin Kerr has done some papers on just how ...Lawyer Orin Kerr has done some papers on just how broad "cybercrime" is. In theory, connecting to IBM's website without following their TOS 100% could leave you vulnerable.<BR/><BR/>I think it's the first article on this page: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=328150Dan Weberhttps://www.blogger.com/profile/06626675217693199470noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-45445397658274220632008-05-28T13:06:00.000-07:002008-05-28T13:06:00.000-07:00This only really applies to that one lady who caus...This only really applies to that one lady who caused that poor, innocent teenager to commit MySpace-suicide.<BR/><BR/>And Adrian Lamo.<BR/><BR/>And Kevin Mitnick.<BR/><BR/>And anybody else that the someone "doing the fed dance" decides that they stand to make more money or power by causing an otherwise nonpunishable offense to be pursued in criminal (instead of civil) court when the person is "obviously guilty, at the very least by association to something that probably should be a crime".<BR/><BR/>The chance of anyone who actually does any real damage via computer crime going to prison approaches zero faster and harsher during these quiet times. For example, people with JS-SQLi or Dowd-Flash web-worms.<BR/><BR/>This is more about the social psychology of risk than anything else. See Schneier on the "How to Sell Security"<BR/>http://www.schneier.com/blog/archives/2008/05/how_to_sell_sec.html<BR/><BR/>This lady has about a 10% chance to win a federal case before she goes to prison and can try for another 10% again in 5-10. Also see: Kevin Mitnick.<BR/><BR/>If we're even 50% right about her actions being criminal, then that's good enough to make her wait in prison until we figure this out.<BR/><BR/>It's better to imprison 1 major Internet kingpin out of 33, then to let 32 out of 33 off-the-hook.Anonymousnoreply@blogger.com