On 22 Jul 99, at 18:18, Derek Martin wrote:
> On Thu, 22 Jul 1999, Dave Gillett wrote:
>
> > On 21 Jul 99, at 18:04, Matthew G . Harrigan wrote:
> >
> > > Last I checked, utilizing things such as port scanners, tcp fingerprinting
> > > tools, and the like are not illegal, because there is no way to
> > > disseminate legitimate system administration techniques (you'll notice that
> > > enterprise network management packages which do network discovery utilize
> > > all of the above.) from actual penetration attempts, unless the activity
> > > yields someone actually gaining user level access to a said networked
> > > device. I would find it hard to believe that someone could be prosecuted
> > > based on something like an nmap scan.
> >
> > This is like saying that car theft can't be illegal because it would
> > prevent anyone from ever driving! [Clue: It becomes criminal when you don't
> > have the owner's permission....]
>
> Did you obtain the permission to send mail to this mailing list from the
> owner of the machine and network that it resides on? NO? YOU MUST BE
> BREAKING THE LAW by sending your mail then... by your definition.
There are important differences between:
1. All port scans are legal. [The assertion I believe I've been
rejecting.][In the passage quoted above, Matthew appears to me to be arguing
that all port scans must be legal because some are legitimately useful.]
2. Some accesses are illegal, and in many cases port scans may be construed
as meeting the criteria for illegality (whether this was the intention of the
legislators or not).
3. All accesses are, or should be, illegal. [Which is how I think you've
misrepresented my position here.]
One of the criticisms levelled at the Oregon statute is that while it
criminalizes only "unauthorized" access, it never really defines what
constitutes "authorization".
The question of whether or not I am authorized to send messages to the list
presupposes that the list-owner is authorized to run a listserver on the
host; I believe that would implicitly convey to them the right to authorize
or deny individuals to post via the list. If you want to get really picky,
the publication of subscription info may be s construed as authorization to
attempt to subscribe, and the acceptance of a subscription as authorization
to post. [There are listservs for which subscription info is not generally
circulated and subscription requests are not routinely accepted, so I don't
think this is a stretch.]
So I would argue that my answer to
> Did you obtain the permission to send mail to this mailing list from the
> owner of the machine and network that it resides on?
must be: I have good faith belief that such permission was extended to me by
someone authorised by that owner to extend such permission.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
