Mark, it really seems to me to be a lot simpler than you're making out. The question is whether or not someone is "authorized". This key phrase is usually pretty poorly defined in law, but generally includes something along the lines of "reasonably should be aware ... not authorised". This is why admins stick electronic "Keep Out" notices all over restricted systems; of course a password serves the same purpose. But the common sense you refer to earlier suggests that if a document is stored in such a way that it it is readily accessible to anyone on a network, then anyone on the network is authorized to see it. Certainly there is no reason to believe that access is meant to be restricted, so you cannot reasonably be aware of it. Otherwise, you are requiring the reader to *guess* the intentions of the document's author! Imagine if you could commit a crime by clicking on a link on the web and coming to a page that had been published in error!

I suspect the reference to ownership probably comes from some domestic disputes, where one spouse had a private document stored on a computer owned by the other. Do you have authorised access to documents stored on your own computer, by other people? What about on a public computer? If someone puts a document on a publicly accessible share of a compter, and marks it in some way as private (but without the system's owner giving authority to set access restrictions), who has a right to see it? I am not a lawyer, but in certain on-line fora the consensus seems to be "nobody knows". In this case, an unclassified document of considerable concern to the public, and by law specifically excluded from being subject to intellectual property rights, was produced by public employees working on public time, and stored on a publicly owned machine without any access restrictions. If there is some way this can be claimed to be subject to "authorisation" simply because someone is aghast at its exposure, then authorization is a very broad brush indeed.

As a secondary point, I really think the whole "cybergate" issue is a smokescreen for the real issue. I am not an American, but even in my country it is reasonably well known that the process of appointing US Supreme Court Justices has been thoroughly corrupt, for a very long time - on both sides of US politics. What we have here for the first time is substantive evidence of that fact, and perhaps for the first time since 1805 an opportunity, if a very small one, to fix a rotten system.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/219/24929#24929