Digg this story   Add to del.icio.us   (page 3 of 7 ) previous  next 
Mother, May I?
Mark Rasch, 2008-01-23

Story continued from Page 2

Forgive Me My Trespasses

One of the most ancient common law actions was that of "trespass" which in its oldest form related to any unlawful interference with one’s person, property or rights. Thus, unauthorized use of a website is sued as "trespass to chattels." However, in its most common modern form, "trespass" generally refers to "trespass to land" -- the "unauthorized" entry onto, or remaining on the land of another. You don’t have to physically enter the property to be guilty of trespass -- throwing a rock onto someone else’s property is trespass, as is undermining it by blasting.

At common law, all "unauthorized" entries to someone else’s property would be a "trespass" even if no harm is done to the property, although it may be difficult to prove "damages." As one commentator noted:

... a mail carrier has a privilege to walk up the sidewalk at a private home but is not entitled to go through the front door. A person who enters property with permission but stays after he has been told to leave also commits a trespass. Moreover, an intruder cannot defend himself in a trespass action by showing that the plaintiff did not have a completely valid legal right to the property. The reason for all of these rules is that the action of trespass exists to prevent breaches of the peace by protecting the quiet possession of real property.

In a trespass action, the plaintiff does not have to show that the defendant intended to trespass but only that she intended to do whatever caused the trespass. It is no excuse that the trespasser mistakenly believed that she was not doing wrong or that she did not understand the wrong.

In the early 1980’s, as legislatures first began to pass computer crime laws, they attempted to correct a perceived "loophole" in the law of trespass. If I broke into your house and looked at your files, I committed the crimes of "trespass" and possibly theft of property and burglary. If, on the other hand I did the same thing with your computer, I committed no offense at all, except possibly wire fraud. Merely "breaking in" to your computer was not necessarily an offense. Thus, most modern "computer crime" statutes contain at least a misdemeanor "computer trespass" provision, which prohibit "access" that is "unauthorized."

What is "authorized?"

The problem with these computer trespass provisions is the fact that they are vague. Like North Dakota’s, they prohibit computer "access" that is "without authorization" or "in excess of authorization" of the "owner" of the computer. The problem comes when computer users enable a function or feature of a computer which permits access to the computer or network. Is this "authorizing" people to use or even exploit that feature?

At this point, one is tempted to start using "real world" analogies -- you know, if a window is open, are you "authorized" to climb in? If the door is unlocked, are you "permitted" to go in? If the keys are left in the car, are you allowed to drive off with it?

And that’s the problem. The law deals with new situations by analogy, and all analogies are imperfect. If a Wifi connection is left unencrypted with no password, are you "authorized" to access it? Alternatively, if your neighbor is having a party to which you are invited, and the front door is unlocked, are you "permitted" to just come on in?

Story continued on Page 4 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 3 of 7 ) previous  next 
Comments Mode:
Thanks Mark 2008-01-23
Andy S.
Mother, May I? 2008-01-23
Anonymous (1 replies)
Re: Mother, May I? 2008-01-24
Mark D. Rasch
You're overlooking some issues. 2008-01-23
Anonymous (2 replies)
Re: You're overlooking some issues. 2008-01-24
Mark D. Rasch
Re: You're overlooking some issues. 2008-02-14
Anonymous
Mother, May I? 2008-01-23
Erik N
Mother^H^H^H^H^H^H directory manager, May I? 2008-01-23
reiisi
OS utilities and public "keys" 2008-01-23
Ole Juul (1 replies)
Re: OS utilities and public "keys" 2008-01-28
Mark D. Rasch (1 replies)
Re: Re: OS utilities and public "keys" 2008-01-29
Jon Hash
Be careful what you ask for 2008-01-23
overshoot
Mother, May I? 2008-01-24
Thomas Downing (1 replies)
Internet as Commons 2008-01-28
Mark D. Rasch (1 replies)
Re: Internet as Commons 2008-01-29
Jon Hash (1 replies)
Re: Re: Internet as Commons 2008-02-01
Mark D. Rasch
Mother, May I? 2008-01-24
stacy
Not much of a cheese shop, is it? 2008-01-24
Mitch Smith (2 replies)
Re: Not much of a cheese shop, is it? 2008-01-28
Mark D. Rasch (1 replies)
Re: Re: Not much of a cheese shop, is it? 2008-01-29
Camambert
Re: Not much of a cheese shop, is it? 2008-01-29
Anonymous
Mother, May I? 2008-01-27
Anonymous (1 replies)
Re: Mother, May I? 2008-02-01
Mark D. Rasch
Mother, May I browse your public server? 2008-01-28
Anonymous (1 replies)
Re: Mother, May I browse your public server? 2008-02-01
Mark D. Rasch
It's Like a Phone Book 2008-01-30
danielc
Mother, May I? - WPAD hack appears to be legal 2008-02-01
Bertman
Mother, May I? 2008-02-07
Victor (1 replies)
Re: Mother, May I? 2008-02-07
Mark D. Rasch
Mother, May I?: Yet another real-world analogy, the court's homework, and ..."Microsoft itself"? 2008-02-09
Anonymous


 

Privacy Statement
Copyright 2010, SecurityFocus