Xref: utzoo alt.security:1447 alt.folklore.computers:4921 comp.society.futures:2062 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!usc!ucsd!hub.ucsb.edu!spectrum.CMC.COM!lars From: lars@spectrum.CMC.COM (Lars Poulsen) Newsgroups: alt.security,alt.folklore.computers,comp.society.futures Subject: Re: Re: Feedback on Computer Crime - Apology Message-ID: <1990Aug27.162618.11149@spectrum.CMC.COM> Date: 27 Aug 90 16:26:18 GMT References: <1990Aug25.095033.29589@funet.fi> Organization: Rockwell CMC Lines: 61 eal@kaarne.tut.fi (Lehtim{ki Erkki) writes: >> One day, when I was going to connect to node xxx.yyy.a.b, I >> mistakenly connected to yyy.xxx.a.b >> >> Well, I get message Sun-Os ....... and the login-prompt, which I was expectin >> But before I typed my user name, I noticed that the organization was wrong, >> so I typed ^D instead. >> >> Now, have I committed a crime or not? In article jon@vector0 (A Product of Society) writes: > Yes, if in California and the connection was not interstate. You are way out in left field, buddy. >:California Penal Code S [Section] 502: >:::Computer data access fraud; legislative findings; definitions... > ...any person who commits any of the following acts is guilty of a >public offense: > ... >(3) Knowingly and without permission uses or causes to be used > computer services. > > [ You did this one: You used computer services without permission. > But as per a court ruling somewhere, a "Welcome to.." message was > judged to be adiquate permission. ] The premise stated was a MISTAKEN connection. The statute says there is fraud only if KNOWINGLY using such service without permission. And just as it is generally deemed okay to walk of to the front door of a house to read the nameplate, and then walk away when you see that you don't know the person, it should be assumed that the public is granted permission to read the login prompt. >(5) Knowingly and without permission disrupts or causes the disruption > of computer services or denies or causes the denial of computer > services to an authorized user of a computer, computer system, or > computer network. > > [ You did this one too. Technically, there's more than one node > per system; but a legitimate user might have gotten a busy code > while you were connected. --Two felonies, not bad for a wrong > number, eh? ] Again, the example's connection was not made KNOWINGLY. >(6) Knowingly and without permission provides or assits in providing a > means of accessing a computer.... At the level you are going, I'm surprised that you don't chalk one up to the phone company (for providing wires - knowingly), to the owner of the originating host, for allowing the TELNET program to be executed ... The real issue is that we - as professionals in the field - have a somewhat fuzzy concensus of what's right and what's not. We may disagree a lot, but locked up in a jury room, I bet we could find common ground. But we do not trust the courts - or even the district attorney - to be "reasonable". -- / Lars Poulsen, SMTS Software Engineer CMC Rockwell lars@CMC.COM