David Honig wrote:
> TRENTON, N.J. (AP) - A graduate student at Colorado
> State University has been arrested and accused of
> trying to extort money, a car and free downloads from a
> New Jersey company that sold digital books over the
> Internet.
This is a lot like the guy who reverse engineered that European ATM card,
and tried to sell his knowlege back to the card's creators. He got tried
and convicted, even though he was negotiating through a lawyer.
Perhaps someone can explain a bullet-proof protocol for permitting a
company to compensate you for stress-testing their security products and
giving the information to them, without it being represented that you are
blackmailing them with threats to use the information to harm them.
Obviously, calling the company and saying - "If you don't leave $50k in a
brown paper bag at the bus stop at 3 AM, I will publish your reverse
engineered decryption keys on Usenet" - is not the correct approach.
In many such cases, even through the researcher may be negotiating in good
faith, FBI agents may wiretap and lead the conversation in directions
which meet the technical quid pro quo required for a conviction under the
extortion statutes.
FBI Agent: So if we pay you $1000, you will turn the information over
us and sign a non-disclosure agreement, and if we don't, you
will publish.
Patsy: Uh, I guess so.
[Sound of jackbooted thugs breaking down door]
Seems like a problem that probably has a Cypherpunkish solution.
--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"
