gnu@hoptoad.UUCP (04/28/87)
Unfortunately this is true. I tried to get the net stirred up enough to fix it when the law was proposed last year, but either nobody complained to their Congresscritters or they didn't listen hard enough, because it was passed (Public Law 99-508, the Electronic Communications Privacy Act of 1986). As far as I know, nobody has yet been prosecuted under it though, so what it really means is not clear. There is a section that says: "(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person-- ... "(iv) to intercept any wire or electronic communication the transmission of which is causing harmful interference to any lawfully operating station, to the extent necessary to indentify the source of such interference..." which might cover cases like trying to find out who forged mail (harmful interference with lawful stations? I'm sure this section was written for radio though.) The original case, where a system administrator says he watched the mail logs until a piece of mail critical to his lab came in, while the recipient was out of town, is probably legal, but the wording of the bill is so fuzzy it's hard to say: "(b) EXCEPTIONS.-- A person or entity may divulge the contents of a communication-- "(3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service; "(4) to a person employed or authorized or whose facilities are used to forward such communication to its destination; "(5) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service"... One of these three would probably cover the case. ECPA, we didn't stop it, now we have to figure out what the damn thing means. -- Copyright 1987 John Gilmore; you can redistribute only if your recipients can. (This is an effort to bend Stargate to work with Usenet, not against it.) {sun,ptsfa,lll-crg,ihnp4,ucbvax}!hoptoad!gnu gnu@ingres.berkeley.edu
sysop@killer.UUCP (BBS Admin) (05/04/87)
In article <2062@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) writes: > Unfortunately this is true. I tried to get the net stirred up enough to > fix it when the law was proposed last year, but either nobody complained > to their Congresscritters or they didn't listen hard enough, because it > was passed (Public Law 99-508, the Electronic Communications Privacy Act > of 1986). As far as I know, nobody has yet been prosecuted under it > though, so what it really means is not clear. > > The following is an act passed by the Texas Legislature. AN ACT relating to the creation and prosecution of offenses involving computers; providing penalties and an affirmative defense; adding Chapter 33 to the Penal Code. BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: SECTION 1. Title 7, Penal Code, in amended by adding Chapter 33 to the Penal Code. CHAPTER 33 Section 33.01 DEFINITIONS. In this Chapter: (1) `COMMUNICATIONS COMMON CARRIER' means a person who owns or operates a telephone system in this state that includes equipment or facilities for the conveyance, trans- mission, or reception of communications and who receives compensation from persons who use that system. (2) `COMPUTER' means an electronic device that performs logical, arithmetic, or memory functions by the manipulations of electronic or magnetic impulses and includes all input, output, processing, storage, or communication facilities that are connected or related to the device. `COMPUTER' includes a network of two or more computers that are interconnected to function or communicate together. (3) `COMPUTER PROGRAM' means an ordered set of data representing coded instructions or statements that when executed by a computer cause the computer to process data or perform specific functions. (4) `COMPUTER SECURITY SYSTEMS' means the design, procedures or other measures that the person responsible for the operation and use of a computer employs to restrict the use of the computer to particular persons or uses or that the owner or licensee of data stored or maintained by a computer in which the owner or licensee is entitled to store or main- tain the data employs to restrict access to the data. (5) `DATA' means a representation of information, knowledge, facts, concepts or instructions that is being pre- pared or has been prepared in a formalized manner and intend- ed to be stored or processed, is being stored or processed, or has been stored or processed in a computer. Data may be embodied in any form, including but not limited to computer printouts, magnetic storage media, and punchcards, or may be stored internally in the memory of the computer. (6) `ELECTRIC UTILITY' has the meaning assigned by Subsection (c), Section 3, Public Utility Regulatory Act (Article 1446c, Vernon's Texas Civil Statutes). Section 33.02. BREACH OF COMPUTER SECURITY. (a) A person commits an offense if the person: (1) uses a computer without the effective consent of the owner of the computer or a person authorized to license access to the computer and the actor knows that there exists a computer security system intended to prevent him from making that use of the computer; or (2) gains access to data stored or maintained by a computer without the effective consent of the owner or licensee of the data and the actor knows that there exists a computer security system intended to prevent him from gaining access to that data. (b) A person commits an offense if the person intention- ally or knowingly gives a password, identifying code, person- al identification number, or other confidential information about a computer security system to another person without the effective consent of the person employing the computer security system to restrict the use of a computer or to restrict access to data stored or maintained by a computer. (c) An offense under this section is a Class A misdemeanor. Section 33.03. HARMFUL ACCESS. (a) A person commits an offense if the person intentionally or knowingly: (1) causes a computer to malfunction or interrupts the operation of a computer without the effective consent of the owner of the computer or a person authorized to license access to the computer or a person authorized to license access to the computer; or (2) alters, damages or destroys data or a computer program stored, maintained or produced by a computer, without the effective consent of the owner or licensee of the data or computer program. (b) An offense under this section is: (1) a Class B misdemeanor if the conduct did not cause any loss or damage or if the value of the loss or damage caused by the conduct is less that $200.00; (2) a Class A misdemeanor if the value of the loss or damage caused by the conduct is $200.00 or more but less than $2,500.00; or (3) a felony of the third degree if the value of the loss or damage caused by the conduct is $2,500.00 or more. Section 33.04. DEFENSES. It is an affirmative defense to prosecution under Sections 33.02 and 33.03 of this code that the actor was an officer, employee, or agent of a communications common carrier or electric utility and commit- ted the proscribed act or acts in the course of employment while engaged in an activity that is a necessary incident to the rendition of services or to the protection of the rights or property of the communications common carrier or electric utility. Section 33.05. ASSISTANCE BY THE ATTORNEY GENERAL. The attorney general, if requested to do so by a prosecuting attorney, may assist the prosecuting attorney in the investi- gation or prosecution of an offense under this chapter or of any other offense involving the use of a computer. SECTION 2. This Act takes effect September 1, 1985. SECTION 3. The importance of this legislation and the crowded condition of the calendars in both houses create an emergency and an imperative public necessity that the consti- tutional rule requiring bills to be read on three several days in each house be suspended, and this rule is hereby suspended. > ECPA, we didn't stop it, now we have to figure out what the damn thing means. > -- > Copyright 1987 John Gilmore; you can redistribute only if your recipients can. > (This is an effort to bend Stargate to work with Usenet, not against it.) > {sun,ptsfa,lll-crg,ihnp4,ucbvax}!hoptoad!gnu gnu@ingres.berkeley.edu Charlie Boykin {cuae2,ihnp4}!killer!sysop
cetron@utah-cs.UUCP (Edward J Cetron) (05/11/87)
In article <844@killer.UUCP> sysop@killer.UUCP (BBS Admin) writes: >In article <2062@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) writes: >> Unfortunately this is true. I tried to get the net stirred up enough to >The following is an act passed by the Texas Legislature. > .... > >Section 33.02. BREACH OF COMPUTER SECURITY. > (a) A person commits an offense if the person: > ... > > (2) gains access to data stored or maintained by a >computer without the effective consent of the owner or >licensee of the data and the actor knows that there exists a and now here is the rub...... Where is the OWNER of the data defined. This is the problem that I think is going to cause the most trouble. In our view, since all lab personnel are given lab accounts (i.e. they don't pay for them) and since most of what they use the computers for is work-related, who really 'owns' the data in their directories? Given current Univ. policy, any programs or whatever created by employees using Univ. facilities are 'owned' by the U. But graduate students aren't contracted employees, but then again they DO get paid, but then again...... As John Gilmore has written, the ECPA says a lot of stuff - but does ANYONE really know what it really means.... -ed
heiby@mcdchg.UUCP (05/11/87)
This is one of the better such laws I've seen. As with the others, though, this one needs some help with definitions and the consequences of those definitions. [whole article == :-)] BBS Admin (sysop@killer.UUCP) writes: | (2) `COMPUTER' means an electronic device that | performs logical, arithmetic, or memory functions by the | manipulations of electronic or magnetic impulses and includes | all input, output, processing, storage, or communication | facilities that are connected or related to the device. | `COMPUTER' includes a network of two or more computers that | are interconnected to function or communicate together. For example, my wristwatch. Some watches have special programming keypads, aso well. Maybe they become a "network"? I use my fingers in connection with the processing, storage, and communication of the data stored in the watch. What does that make the fingers or the devices attached to them? | (4) `COMPUTER SECURITY SYSTEMS' means the design, | procedures or other measures that the person responsible for | the operation and use of a computer employs to restrict the | use of the computer to particular persons or uses or .... I keep my shirt cuff pulled down over the face of the watch and don't let anybody know what time it is unless they ask me. I also use the wrist band and clasp as an integral part of the security system to keep it in place behind my shirt cuff. | (5) `DATA' means a representation of information, | knowledge, facts, concepts or instructions ... | may be stored internally in the memory of the computer. Like, what time my alarm is set to go off. | (1) uses a computer without the effective consent | of the owner of the computer or a person authorized .... | | (c) An offense under this section is a Class A misdemeanor. If such person moves my shirt cuff out of the way to check the time. | (1) causes a computer to malfunction or interrupts | the operation of a computer .... | | (2) alters, damages or destroys data or .... | | (b) An offense under this section is: | | (3) a felony of the third degree if the value of | the loss or damage caused by the conduct is $2,500.00 or more. So, if someone interrupts the operation of the computer on my wrist, like by stealing it, and I miss an appointment causing me to lose a business account that is worth more than $2,500, then the pickpocket has committed a 3rd degree felony by lifting my $40 watch. (Unless, of course, the pickpocket works for the phone company and needed to know what time it was in connection with his/her official duties.) -- Ron Heiby, heiby@mcdchg.UUCP Moderator: comp.newprod & comp.unix Motorola Microcomputer Division (MCD), Schaumburg, IL "Small though it is, the human brain can be quite effective when used properly"