Norway's supreme court has ruled that remotely exploring computers connected to the Internet is not a crime. The ruling sets a precedent that any system connected to the Internet (at least those in Norway) can be legally probed for security leaks. The ruling follows a case brought by the University of Oslo against a private security company, Norman Data Defence Systems (NDDS). NDDS had been contracted by a Norwegian news service to demonstrate the security pitfalls of Internet-connected systems for a TV programme. The company used a number of standard techniques to probe the University's mail system and determine who was connected to the institution's computers. NDDS claims the tests were conducted simply to see what information could be garnered using standard Internet protocols. No personal data was accessed. However, the University took NDDS and the individual engineer who carried out the tests to court. Both the company and the engineer were found guilty of an attempted break-in and misuse of computer resources to which they had no right of access. NDDS was fined and ordered to pay for repair work on the University's network. An initial appeal overturned the break-in charge, but now a second appeal, to Norway's supreme court, has seen the misuse charge quashed too. "The essence of the ruling is that if you want to join the Internet, you have to assure that you're protected," said NDDS CEO Gunnel Wullstein. "If you don't want to be visited, close your ports". ®