The House passed two bills aimed at stopping spyware:
While there's a lot of interesting stuff in these two pieces of legislation, there are just a couple of things that struck me in particular. In H.R.744 section 1030A there's an awful lot of the word 'intentionally.' To legislate based on intentions is an interesting concept.
One of the clauses in here states that whoever "intentionally impairs the security protection of the protected computer with the intent to defraud or injure a person or damage a protected computer" is in violation of this law. Now, if my intent in compromising the computer is, in fact, to expose a security risk such that it can be addressed, am I still in violation of this law?
But maybe all of this is moot, since a 'protected computer' is defined in USC 18 Section 1030 as:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication, including a computer located outside the United
States that is used in a manner that affects interstate or
foreign commerce or communication of the United States;
Based on that definition, most home users aren't really covered. Seems odd that congress would pass this anti-spyware legislation that fails to cover the majority of the victims of spyware. Did I miss something?
Comments (1)
I think intent makes perfect sense in this case as it will protect the unsavvy user from being held liable for compromising the 'protected computer'.
Also, your comment "...intent in compromising the computer is, in fact, to expose a security risk such that it can be addressed, am I still in violation of this law?", I think you would be in violation.
Intent is "planning and desire to perform an act." It doesn't qualify the intent with the relative "good or bad" adjectives. To prove this in court, all that is required is to prove the "matter of showing that there was desire to perform an act." Thus, I suggest that what you propose would be an illegal act. I guess we could really dig down in to the intent and the state of mind of the one doing the defacement, we could dig a really big hole, real fast! Ok, enough of that, I think you get the picture.
I found it interesting that you brought this up because I was reading an article regarding the defacement of phishing sites. Although the result of the defacement is helpful for the unsuspecting consumer, the act itself is still considered unlawful.
As far as I'm concerned, this defacement is much more helpful that any PSA that the Feds, States, or locals can make. By being led to a phishing site and being told in no uncertain terms that this is a phishing site, I'm hopeing that at least 25% of these people will think twice about clicking on a link in email...
Posted by go55man | May 24, 2005 5:39 PM
Posted on May 24, 2005 17:39