[iwar] [fc:Computer.hacker.--.vandal.or.terrorist?]

From: Fred Cohen (fc@all.net)
Date: 2001-10-04 20:04:11



Computer hacker -- vandal or terrorist? 
Jennifer S. Granick, SF Chronicle, 10/4/2001
http://www.sfgate.com/cgi-bin/article.cgi?f=/chronicle/archive/2001/10/03/ED75949.DTL

WHEN TERRORISM hit home on Sept.  11, there was nothing "cyberterrorist"
about it.  Yet, the House is now considering a bill that would
reclassify computer hacking as a terrorist offense if it is done to
influence government action by intimidation or coercion, or to retaliate
against government conduct. 

The proposal, the PATRIOT (Provide Appropriate Tools Required to
Intercept and Obstruct Terrorism) Act of 2001, increases the statute of
limitations for hacking from five to 15 years.  Those convicted could be
sentenced to life in prison, and the federal system does not have
parole.  Another amendment would make those who give "expert advice"
into terrorists themselves if they advised knowing that it may be used
in the preparation or commission of computer hacking. 

The spirit of national unity and the aching fear of terrorism foretell
that some form of this bill or the Senate version will pass into law. 
The House is expected to vote on its version tomorrow. 

With that vote, I could become a terrorist, depending on how judges
interpret the prohibition against giving "expert advice" to hackers.  I
am a criminal defense lawyer who represents people charged with
computer-hacking offenses.  I also teach at Stanford Law School,
examining how laws affect computer security, freedom of speech, privacy
and scientific progress. 

Legally speaking, hacking offenses are defined like trespass or
burglary, an instance where the perpetrator illegally enters someone
else's computer and intentionally causes damage.  Technologically, there
may be no walls, no passwords, no definitions, no clear boundaries. 
Disgruntled ex-employees have been found guilty of computer trespass for
sending unwanted e-mails complaining about the boss to their former
co-workers, and companies have been held liable for using a software
program to scan a public Web site for online auction prices.  Before
these rulings, many people would not have thought these things were
crimes. 

The proposed anti-terrorism law adds another layer of uncertainty to the
already vague definition of criminal hacking.  The bill singles out
hacking "calculated to influence the conduct of government by
intimidation or coercion, or to retaliate against government conduct." I
agree that coercing government action through fear is a terrible crime
that subverts the very essence of democracy. 

But there have been hackers who have defaced Web pages to protest
Indonesia's occupation of East Timor, or altered the New York Times Web
site to protest a government decision to prosecute Kevin Mitnick.  The
public Web sites of the Department of Justice, the FBI and the CIA have
all been hacked and vandalized in the name of online protest, in varying
degrees of eloquence.  No important government functions were
threatened, but the new terrorism law and its penalties would apply,
since these acts were in retaliation to government policy.  Whether you
view "hacktivism" as criminal behavior or political protest, these
offenders are, at most, digital vandals. 

By focusing solely on the motivation of the hacker, and not on the
capability of the hack to threaten health, safety or welfare and thereby
to create fear, the proposed law fails to strike at the heart of
terrorism, which is to cause terror. 

And once hacking is terrorism, one who harbors or provides expert advice
or material assistance to these people is also a terrorist.  Since most
computer-security tools can be used to both safeguard and crack a
system, vendors should beware -- as should lawyers. 

Hard as it is to believe that a lawyer could be investigated for
providing advice to hackers, I believe it is possible.  Before one
presentation I gave a few years ago at a hacker conference in Las Vegas,
the San Francisco FBI called me to warn me not to advise the attendees
how to escape capture or to encourage them to break the law.  And that
was then...

I've been very critical of the current law against computer hacking
because it doesn't distinguish between digital vandalism and something
more serious, like breaking into the 911 system or taking over nuclear
power plant computers. 

The new law compounds the problem. 

Americans, myself included, fear future terrorist attacks.  But if we
make terrorists out of Web vandals, "hacktivists" or security-tool
vendors, we will not be safer.  In fact, security will suffer, and we
will find the lesser criminals among us treated with an unearned
harshness.  There is no bargain here.  We all would lose. 

Jennifer S.  Granick is the director of the Stanford Law School's Law
and Technology Clinic.
