I think you are wrong. The prosecutor (Ms. Johnston) said "The other way the defendant can cause impairment which is cognizable is that there must be an impairment to the integrity of the data or a program or the system or even to information. Pursuant to the Shugart case which I think the Court has also seen us cite, 119 F.Sup.2d 1121, integrity when you're talking about computers has to do with both the sanctity at the data so that it's uncorrupted, but it also has to do with the integrity of the system. And that's what this case has really been about.

...

To boil it down and restate the element to make it as simple to understand as possible, it's this. The defendant must have intend to disrupt the operation of or the security of a computer or its contents."

That says it all, they say the case is really about in integrity of the computer, which was harmed by posting a security advisory. That is the point they are driving home.

It doesnt matter if he posted the advisory because he wanted to get back at someone or not, posting a security advisory should not be illegal! The first amendment should protect people (in the US anyway). Personally if he wanted to 'get them back' he could have done FAR more damage posting that publicly rather than just telling the people that were affected. How many people did not hear about this problem that may in the future buy? Had he gone to the newspapers, or mailing lists like bugtraq it would have been more widely known and more reputation damage would have resulted. Further bugtraq and most newspapers are archived online so searches in the future would have turned that item up. He kept it quiet, which goes against the retaliation theory.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6643/21255#21255