Xref: utzoo misc.legal:26258 comp.org.eff.talk:2417 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!romp!auschs!d75!bei From: bei@d75.UUCP (bei) Newsgroups: misc.legal,comp.org.eff.talk Subject: Re: sysop liability/responsibility Message-ID: <3935@d75.UUCP> Date: 20 May 91 21:03:29 GMT References: <1991May20.051224.16358@gn.ecn.purdue.edu> <1991May20.130200.11894@unlinfo.unl.edu> Reply-To: bei@rt_trace.austin.ibm.com (Bob Izenberg) Followup-To: comp.org.eff.talk Distribution: na Organization: IBM AWD, Austin, TX Lines: 69 In article brown@cs.utk.edu (Lance A. Brown) writes: >I do not know if this applies, but there was some (IMHO) really slimey >tactics being used in the Knoxville area by some government agent a couple >months ago. >This guy somehow managed to get a-hold of passwords for some users on the >largest local BBS's. Think of an individual's computer(s) seized in a government raid. All the ProComm, Red Ryder, et cetera dialing directories are perused. Do the gov't folks call any of those numbers and log on as the account's owner? If so, are they impersonating that person? If you were going to say no, consider the common law enforcement claim that the username that one uses online (even if it's an alias) represents an actual person. You don't necessarily need a paid confidential informant, just a seized computer with account IDs and passwords on it. Another aspect of this is an individual's liability for acts committed by law enforcement personnel in disguise. Joe Average has his computer seized, and scrapes the cash together to buy a new one and a modem in six months. Whether by finding old backups or reading his phone bills, he pieces together much of an old dialing directory. On his first calls to Genie or Compu$erve, it soon becomes apparent that his account has been used in the time that his equipment was not in his possession. Is he financially liable for those connect charges? Let's also assume that Joe A. joined a few pay bbses and paid for time in advance. When he dials one of them, the time that he paid for has past. In the seizure of his equipment, he was prevented from accessing electronic information services of which he was (presumably) a customer in good standing. Is it relevant that he could have used another computer to dial them up? Yes, if the computer stores in your neighborhood are giving them away for free. Law enforcement personnel, and the private security personnel that accompany them, wouldn't be unduly hampered in their jobs by an awareness and sensitivity to the role that computers can play in people's lives. A computer which holds your personal phone numbers, your tax and other financial information, and the fruits of your skills and creativity should not be denied you for undue amounts of time. The lack of skilled investigative techniques and personnel doesn't absolve law enforcement agents from a duty of conscience, to do what they need to do and then *end* it. > He used these accounts to upload commercial software >and then waited to see what happened. If the sysop removed the software >then nothing happened, but if the sysop appeared to not do anything about >it this agent would come forward and warn the sysop about his behavior and >threaten legal action. Was this software concealed in any way? Did the agent clearly identify it as the commercial software that it was? It doesn't play well in Peoria when a narcotics undercover officer snorts the same coke as the guy that he arrests, but pays no penalty (other than the use of the drug -- ObAnti-Drug message.) >I find this >kind of behavior reprehensible, and what I would call entrapment. The fact >that this agent had somehow stolen passwords also makes me angry. It sounds like entrapment to me as well. If, for example, the agent puts up Microsoft Word and it's downloaded by seventy-five users before the sysop spots it and removes it. Even if it was only half an hour before the file was expunged, it was circulated. Who is culpable if civil or criminal charges result? The bbs operator who exercised reasonable caution and removed the files in a timely fashion? Or the user that uploaded them? (Who, were he not a spook or in the employ of spooks would face charges for those actions.) -- Bob -- Opinions expressed in this message are those of its author, except where messages by others are included with attribution. No endorsement of these opinions by Ralph Kirkley Associates or IBM should be inferred. Bob Izenberg [ ] Ralph Kirkley Associates work: 512 838 6311 [ ] bei@rt_trace.austin.ibm.com home: 512 346 7019 [ ] bei@dogface.UUCP