-Caveat Lector- http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2237838%2C00.html Melissa manhunt creates precedent Some legal experts raise red flag about computer code that paves way for 'virtual tracking.' By Joel Deane, ZDNN April 6, 1999 4:44 PM PT The use of tracking technology to apprehend David L. Smith, the programmer charged with authoring the Melissa virus, may have created a dangerous precedent for electronic privacy, according to legal experts. Smith, 30, of Aberdeen, N.J., was arrested last Thursday, following a national manhunt. He will be arraigned in Monmouth County Superior Court at 7 a.m. PDT Thursday. According to New Jersey Deputy Attorney General Christopher G. Bubb, Smith's arrest was made as a direct result of information provided by America Online Inc. (NYSE:AOL) Have an opinion on this story? Add your comments to the bottom of this page. The online services company led investigators to a phone number and then the newsgroup where the macro virus was first posted. A controversial Microsoft document identification technology -- the Global Unique Identifier, or GUID -- also appears to have played at least a minor role in the Melissa manhunt. 'There's no guarantee that companies won't do these kind of things for less lofty reasons. ... The process becomes legitimized -- you have created a precedent." -- Gerry Jenkins, Internet lawyer David Sobel, general counsel for the Electronic Privacy Information Center, said the virtual tracking of Smith gave an indication of how electronic identifiers such as Intel's ID chip could be used by law enforcement agencies -- and set a "potentially frightening" precedent. "Cases like this always occur in the context where people might agree with the outcome," Sobel said -- such as catching the person believed responsible for a damaging virus. But, he asked, what if China used the same identifying technologies to track dissidents? "There are lots of human rights implications," he said. Gerry Jenkins -- a Chicago-based Internet lawyer with Goldberg, Kohn, Black, Rosenbloom and Moritz -- said Smith's arrest could be a case of hard cases making bad law. Bad precedent While it's very important to demonstrate to virus writers that if they write damaging code they will be caught and punished, Jenkins said: "The problem is that there's no guarantee that companies won't do these kind of things for less lofty reasons. There's no guarantee that privacy policies won't change based on what is in their best interests at the time. "The process becomes legitimized -- you have created a precedent." Jenkins said AOL, which was roundly criticized last year for inadvertently releasing a user's identity to U.S. Navy investigators, had a policy to protect customers' privacy. "I think they made the decision that David Smith wasn't a person they wanted to protect," he said. Listen to ZDNN's unedited interview with Jennifer Granick Jennifer Granick, a San Francisco criminal defense lawyer who specializes in high-tech issues, said the Smith case "definitely" broke new ground. "It's not new that AOL cooperates with law enforcement in investigations, but some of the elements of the investigation are new, such as the GUID," she said. "A case like this points out to the average consumer how the software in their lives can be compromising to their privacy," she added. "That's a serious area of concern." Legitimate use of technology? At least one online privacy expert, however, wasn't alarmed by the Smith case. David Sorkin, professor at Chicago's John Marshall Law School and associate director of the Center for Information Technology and Privacy Law, said he didn't see the Smith case as a case study in online privacy. The use of tracking technology to apprehend a suspect was legitimate, Sorkin said, so long as investigators had probable cause and obtained the appropriate court orders. Of greater concern to Sorkin is the fact that different jurisdictions even within the United States have different standards regarding electronic privacy. "The fact that they were able to, and did use, the identifier and Internet logs used by America Online demonstrates the extent to which peoples' movements on the Internet can be tracked -- and the potential dangers," Sorkin said. Keeping tabs on ISPs EPIC's Sobel said he would follow Smith's case "very closely" -- especially if it goes to trial. "I think the case, generally, is going to give us an interesting glimpse into how individuals can be tracked on the Internet. The GUID is one of those, but so is the record-keeping procedures of ISPs like AOL," Sobel said. "It's one of the first case studies that we are going to have of the use of various devices to combat anonymity." DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om