Pleasant@Rutgers.ARPA (04/04/83)
HUMAN-NETS Digest Sunday, 3 Apr 1983 Volume 6 : Issue 19
Today's Topics:
Computers and the Law - Texas Computer Crime Law (5 msgs) &
Electronic Anklet
----------------------------------------------------------------------
Date: 31 March 1983 05:38 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Computer Systems
Date: Wed 30 Mar 83 10:49:08-PST
From: LAWS@SRI-AI.ARPA
"computer data" seems to be easier to define than the other
terms; it has to do with information that is not directly usable
by humans.
Gee, under that definition all information in the brains of any
species other than Homo Sapiens would be "computer data". Also any
information locked in a vault such as a safe-deposit box would be
"computer data" during the time it's under lock. Also anything
written in a lost language such as ancient Mayan would be "computer
data".
I think we better try again with that definition.
------------------------------
Date: 31 Mar 1983 12:54:13-EST
From: csin!cjh at CCA-UNIX
Subject: re computers and the law
Enter Flame Mode:
I'm a bit surprised at the naivete with which most people are
approaching the Texas Computer Crime Law; although I don't recall
seeing msgs from the wight on Poli-Sci who was proclaiming himself
and his reactionary buddies the source of all hard truths, it should
be obvious (especially considering where the laws are first
appearing) that the major issue here is MONEY. (This was briefly
mentioned as an introduction to the debate and has since
disappeared.) The issue isn't assorted minor inconveniences, and it
certainly isn't personal rights; it's the fact that the average
money-yielding attack on a computer system (i.e., not hacking but
-"computer theft"-) yields something like 20 times as much loot as
the average robbery/burglary (and those figures may be suspect
because the ones I've seen don't indicate whether they include
crimes against homes as well as crimes against business). <enter
cynical mode> Worse (from the point of view of the people who own
some of the legislatures), some computer thieves have managed to
wriggle out of any charges through loopholes in current laws, to the
extent that computer theft often goes unprosecuted due to the
unlikelihood of conviction, the even smaller likelihood of getting
anything back, and the great likelihood of unfavorable publicity for
companies which depend heavily on public confidence (e.g. banks).
<leave cynical mode>
If you want to deal with the fallacies of a law you have to allow
for the objectives of those who framed it.
Leave Flame Mode.
Note on the landlord-destroying-tax-returns case: in
Massachusetts it's illegal for the landlord to enter your place
without an appointment except in an emergency, and the courts aren't
lenient in their definitions of emergency. (But then, Mass. is a
good place for tenants.) I'm more worried about destruction by my
sister's cats.
------------------------------
Date: 31 Mar 1983 10:44-PST
From: Greg Davidson <sdcsvax!davidson@NOSC>
Subject: Computer Laws
It always disturbs me when laws define crimes in terms of the
methods used to perform the crime instead of in terms of the nature
of the crime. This is one of the things that keeps our legal system
so complicated that even lawyers trip over it. I would assert that
no new laws need or should be passed, ever, to cover crime involving
computers.
Regardless of the tools used, harming someone physically should be a
crime. Regardless of the tools used, stealing someone's property
should be a crime. Regardless of the nature of the property, its
theft should be a crime. In addition to theft, unauthorized use
should also be a crime. It is the owner's privilege to specify what
uses of his or her property, if any, are to be permitted by others.
It is the owner's responsibility to clearly label or restrict access
to his property so that people can respect his or her wishes.
Issues of enticement come up, and so on, but such issues have
nothing to do with computers, per se.
Any person who commits a crime is certainly responsible for any
damages that ensue. Its probably also necessary to be able to slap
their hands even if no damage ensued from their action. Also, if
there is reason to believe that they were trying to cause damage,
its necessary to take strong action. I could go on, but there's
nothing about computers here.
It should be made clear that information can be property like
anything else. It can not only be stolen or damaged, it can also be
copied. Copying information whose access is restricted against
such, is just another example of unauthorized use of someone's
property. It does not make any difference what form the information
is stored in.
I would challenge the whole group to come up with anything new which
needs to be added to existing laws to extend them to cover computer
crime. Also, I would like people to find cases where existing legal
definitions are tied to some particular method, and suggest how they
should read instead.
I've always found it hard to believe that a society can expect
people to obey its laws when they are so complex that they can't be
known to everyone. Can anyone think of any good reason why the laws
of this country couldn't be reduced to the size of a paperback book?
Suppose they were legally required to fit in such a book (word
count, not page count)? Suppose that learning the laws was required
of all high school students, and the legislature was required to
keep them simple enough that at least 80% of the students passed a
standardized achievement test on them?
-Greg
------------------------------
Date: 31 Mar 83 18:39 EST (Thursday)
From: clark.wbst@PARC-MAXC.ARPA
Subject: Re: HUMAN-NETS Digest V6 #16
Suggested Definition:
Computer System: "Contrivance intended to manipulate
information."
Information: "{data, facts} and {ideas,algorithms,concepts}"
(something like that)
A microwave oven manipulates Hot Dogs,
A Vacuum cleaner manipulates air and small particles,
A digital watch I don't know about...
SO... a Washing Machine with a CRAY I in it to optimize the
motion of the parts to maximize the effectiveness of washing
while minimizing the wear and tear on the cloths would NOT
be a Computer System, because it is intended to wash cloths.
An ATM manipulates information, the result of such
manipulation being to run a mechanical gadget to feed you
$$. It falls under the category of computer system because
it manipulates your magic number to decide whether to give
you $$ or not. If it simply gave $$ to everybody who pushed
a button, it would not be because it's main purpose was to
manipulate $$ and the dispensing mechanism.
A process control computer manipulates information, the
result being used to control motors, etc.
Note that the process control system WOULD be a computer
system, since it is intended to manipulate information,
whereas the Steel mill is NOT a computer system because it
is intended to manipulate Metal.
A mechanical device to shuffle huge card files around is
manipulating information, and so it would be just like a
computer.
Does this make sense?
Without knowing one whole heck of a lot about law, It seems to me
that if the people involved understand the technology that the
application of laws for material objects to computers is obvious.
If you do damage to the other party, or run off with something that
he/she did not want you to, you ... well... did something wrong !
Notice in my definition of information, it does not matter HOW it is
encoded, or if a person, no matter how sharp, can read it. If the
OWNER can get some use out of it, or extract the information, it
must be useful!
Favorite point:
The (*& about information being directly useable by humans... any
amount of gibberish is directly useable by humans, it just takes us
a little longer. First, because it is not in a very efficient form
for us, and second, because we are not used to doing it. At one
time I could read, modify, and debug 8080 code with a hex memory
editor just as well as the source. Just because Joe Blow off the
street can't, doesn't mean it is not useable. That would mean that
German language information is not information because it is not
usable by *all* humans. Actually, using MagnaSee, while I would not
want to do it, it is conceivable that a person could read a book
directly off of a mag tape!
Actually, I don't see what it matters if it is directly usable by
humans or not... if the information is encoded there, it must be
there for a reason... The fact that people put it there in that
format is in itself proof that it is usable by humans, and that they
can somehow profit by it's use. Does anyone have a good (or bad)
explanation FOR the stuff about not applying laws to things not
directly useable by humans? The only source for such ideas I can
think of is the manipulation of technically ignorant legislators by
technologists who want to make it legal to steal other people's
information.
Anyways, this has been much longer and sweeping than I had
intended...
--Ray
------------------------------
Date: 31 March 1983 21:19 EST
From: Clifford Neuman <BCN @ MIT-MC>
A few (more) of the provisions of the Texas computer crime act have
points that either need clarification, or that should be totally
rewritten.
To start with:
Sec. 33.01 DEFINITIONS. In this chapter:
"Operator," with respect to a computer system, means the person
who manages, controls, or directs the operation and use of the
system.
Operator should be defined in the plural, or at least used in that
way. Most systems are operated by more than one person, and
approval required from the operator may be granted by any of these
people.
Sec. 33.03. BREACH OF SECURITY SYSTEM.
(a) A person commits an offense if, without the effective
consent of the operator of the computer system, he
intentionally:
What is meant by effective consent? If one of the people who
operates the computer does something covered by the act (totally
legitimately) does he have effective consent. Does he have
effective consent of "The Operator" to perform this act? For the
purpose of this letter I define "The Operator" to be the single
person responsible for overseeing the computer and its staff. Well
maybe he does have the effective consent based upon the privileges
granted to him by "The Operator", but then what about people to
whom he has given consent to perform specific actions. Clearly
they have not receive consent, from "The Operator", but from some
"subordinate" member of the the systems staff.
Perhaps effective consent is defined to include implied consent.
Maybe "The Operator" is allowed to delegate his authority to grant
consent for certain actions. In fact, maybe it can even be
delegated to a process which continually runs on the system whose
sole purpose is to grant permission to users for specific actions.
This sounds very much like an Access Control Job. Does this mean
that anything that the ACJ allows you to do has implied consent
based only on the point that you were able to do it?
Sec. 33.05. INTERFERENCE WITH COMPUTER SERVICE.
(a) A person commits an offense if, without the effective consent
of the operator of the computer system, he intentionally
interferes with or interrupts computer system services to one
authorized to receive the services.
This seems like an interesting issue for sites which have a fairly
lenient tourist policy. It is occasionally the case that when
tourists are logged in during peak hours they are asked to leave.
They are even on occasion forcibly logged out if they do not heed
the warning. This is clearly a case of interrupting the computer
system services to those authorize to receive them. It can probably
be argued that the person performing the action has the implied
consent of "The Operator" since the tourist policy does mention that
tourists are not to use the system during peak hours or at other
times when the load is high, but the definition of peak hours or
high load is not the same for everyone. Of course as Paul Fuqua
mentioned in his response, systems may not be considered computers
when the load is high because of their slowness.
Cliff
------------------------------
Date: 1 April 1983 13:07 cst
From: Heiby at HI-MULTICS (Ronald W.)
Subject: Thermostats not computers?
By the way, Honeywell, Texas Instruments, and at least one other
firm (JS&A distributor) make thermostats with microprocessors. At
least one of these is smart enough (according to the ads) to figure
out when to turn the furnace on in order to get the house up to the
desired temperature at the desired time.
I can see changing a thermostat set-point being a crime here in
Minnesota, but I can't see it for Texas. (Ha ha.) Ron H.
------------------------------
Date: 1 April 1983 20:57 EST
From: Steven A. Swernofsky <SASW @ MIT-MC>
Subject: a jail cell on your foot
From: Damouth.Wbst at PARC-MAXC.ARPA
``Viewed by itself, this prospect appears horrifying. Viewed as
an alternative to prison for convicted non-violent criminals, it
seems far more humane and far cheaper than the prison.''
This can only mean, ``If this were applied to me, I would be
appalled, but since it will only be applied to people I don't know,
it is A.O.K.''
The aspect of the position-sensing anklet, or "jail cell on your
foot," which is worst is (again) its potential for misuse. In this
case it is being applied only to parolees, in place of prison. But
will that be all? The next judge to read Spiderman comics will
probably realize that prisoners held on bail could also wear the
anklet, in place of prison. It is not a difficult step to
administrative supervision, and automatic application to anyone
whose movements "we" might want to watch. (Would you feel
comfortable if this included people with security clearances?)
A "jail cell on your foot" is still a JAIL CELL. Of course it is
more humane! That is the very aspect which is most dangerous.
Humane weapons are more likely to be used, and humane jail cells are
more likely to be applied, and to more people. (Recall REM's world,
where everyone has one.) It is cheaper, too.
An easy solution is to declare that the position-sensing anklet IS a
jail cell, and can only be applied where a prison sentence would be.
But that takes away the technological "miracle," doesn't it?
Technical solutions are not the final word -- they are a great deal
of /help/, but by themselves won't /solve/, hard social problems.
-- Steve
P.S. If you used NAVSTAR, you could be very, very accurate.
$$
------------------------------
End of HUMAN-NETS Digest
************************