[plug] [OT] Ferral Politics

Ben Jensz jensz at wn.com.au
Tue Oct 30 11:59:12 WST 2001


I personally don't see why network scanning should be illegal unless it is
blatantly being used in conjunction with deliberate means of finding out
sensitive/privileged information and data (such as passwords etc).

Think of it like this.  If you were very careful about which bank you put
your money into in terms of security, and by checking this you went into the
bank and walked around and were looking for security devices such as alarms,
cameras, movement sensors etc, that could also be seen that you were "casing
the joint" to rob it, but you just might be checking it to see how secure it
would be for keeping your valuables and money there.  You haven't done
anything illegal by looking at what you can publicly see have you?

Then look at it in terms of a web site you are accessing.  If you are
accessing a web site and sending personal data or even credit card details
to it, wouldn't you be interested in seeing how secure that web site and the
server that hosts it on is?  Not everyone is interested in seeing exactly
how secure their bank is, just like they wouldn't be interested in seeing
exactly how secure a server is that is storing valuable information (such as
credit card information or other personal identifying information).

I mean making network scanning illegal... wouldn't that make the "whats that
site running?" feature on Netcraft's web site illegal?  Because its probing
systems upon request from normal web users to find out what web server
software they are running and what OS.  Potentially you could find a system
through using that site running a version of a particular software package
that had an exploit in it..

What I'm curious about is how you would prove the difference between intent
to commit a crime and someone just being curious or even someone just
finding out a way into a system by accident?

I mean there are several ways you could interpret what those laws... but
which way is the right way?  Where is the line drawn?

I mean the way you put it in your Net Law Roundup Jeremy puts some of it
into clear terms.  But to me, there are still things which I'm not clear
on..

Don't take that the wrong way by the way.. I'm being curious, not
hypocritical. :)


/ Ben

----- Original Message -----
From: "Jeremy Malcolm" <Jeremy at Malcolm.wattle.id.au>
To: <plug at plug.linux.org.au>
Sent: Tuesday, October 30, 2001 11:33 AM
Subject: Re: [plug] [OT] Ferral Politics


> Carl Gherardi wrote:
> >
>
> > While on the topic of draconian laws(kinda), does anyone know whether
the
> > bill proposed to make network scanning of any sort illegal was passed.
> > >From memory only asio and military institutions were exempt from this.
>
> If you mean what I think you mean then yes this occurred just before
> Parliament recessed, but the legislation does not necessarily make
> network scanning illegal.  A fuller but simple description is at
> http://www.ilaw.com.au/public/netlaw5.html and a more detailed analysis
> is at http://www.efa.org.au/Analysis/cybercrime_bill.htm.
>
> --
> JEREMY MALCOLM <Jeremy at Malcolm.wattle.id.au> http://malcolm.wattle.id.au
> Providing online networks of Australian lawyers (http://www.ilaw.com.au)
> and Linux experts (http://www.linuxconsultants.com.au) for instant help!
> Disclaimer: http://www.terminus.net.au/disclaimer.html. GPG key: finger.
>



More information about the plug mailing list