b5media.com

Advertise with us

Enjoying this blog? Check out the rest of the Business Channel Subscribe to this Feed

Work Boxers

To Instill Fear - Computer Crime Laws and Curiosity Won’t Mix!

by Mark on May 30th, 2008

So, in your browsers address bar you see that the secure site you’ve just signed into has an URL that contains (unencrypted?) the last four digits of your social security number. Then, being the person you are, having a concern about your neighbor’s security if they sign on to the same site, you do an experiment. You alter the last four digits to see if you somehow gain the ability to sign on as someone else.

Well, regardless of whether your experiment works or not, here is the deal;

Computer Crime Laws Chill Discovery of Customer Privacy Threats

“You’d better think twice before testing your theory. Federal and state laws that criminalize unauthorized access to computers also hobble the rights of customers and security experts to use their own browsers to test whether a computer server adequately protects their data from thieves and fraudsters. This is true even if you don’t damage, delete, alter or change anything and are acting solely with the intent to protect yourself and others. Under the Computer Fraud and Abuse Act, codified at 18 U.S.C. 1030, obtaining any information from a simple unauthorized access is a misdemeanor punishable by up to a year in jail, while the existence of other factors (such as causing damage or taking medical information) may make such access a felony. 18 U.S.C. 1030(a)(2)(c), (c)(2)(a). California’s computer crime law (Penal Code section 502) also prohibits a number of unauthorized activities with computers and computer networks. Merely accessing a computer system without permission is an infraction under California law. (c)(7), (d)(3).”

Leave the security experiments to someone else who is legally qualified to conduct them!

Tags: , , ,

Related Stories

POSTED IN: Legal, Web Tips

2 opinions for To Instill Fear - Computer Crime Laws and Curiosity Won’t Mix!

  • Khürt Williams
    May 31, 2008 at 2:58 pm

    What if the only person “who is legally qualified to conduct them” is the entity whose product has a flaw? Do we trust that they care about fixing them?

    If what you say about the CFAA ( “acting solely with the intent to protect yourself ” is illegal ) then isn’t the RIAA violating the law by putting spyware into MP3 on file sharing networks?

  • Mark
    May 31, 2008 at 8:12 pm

    Hey Khurt…

    Actually, I meant for those of us who might be curious to not conduct our own experiments.

    Oh, btw - this was a quote from the EFF - they said ““acting solely with the intent to protect yourself ” is illegal so you would have to ask them that question.

    Thanks for the thoughts! My guess would be anything you find about the RIAA that is objectionable is probably spot on…

Have an opinion? Leave a comment: