Feeds

Legal experts wary of MySpace hacking charges

'We are all felons if this flies'

Reducing the cost and complexity of web vulnerability management

Yet, legal experts argue that, by trying to do right by Megan, U.S. prosecutors are doing the wrong thing.

At the center of the debate is the meaning of what is "unauthorized access," Orin Kerr, professor of law at George Washington University, said in an analysis of the indictment.

"The federal statute ... generally prohibits accessing a computer 'without authorization' or 'exceeding authorized access.' But what makes an access 'without authorization'?" Kerr stated. "If the computer owner says that you can only access the computer if you are left-handed, or if you agree to be nice, are you committing a crime if you use the computer and are nasty or you are right-handed?"

The indictment offers no guidance as to what type of violation might prod prosecutors to action, added John Morris, general counsel for the Center for Democracy and Technology, a Washington D.C.-based policy group.

"There is nothing in the indictment that differentiates between what is a serious violation of the terms of service and a trivial violation of the terms of service," Morris told SecurityFocus. "I would bet that the majority of U.S. Internet users have committed a federal crime, if the charges in this indictment are upheld."

While courts have upheld the enforceability of some terms-of-service and click-wrap agreements, many online click-to-agree contracts - especially those that accompany spyware - have not been found valid. Consumer studies have also found that people rarely read end-user license agreements (EULAs), privacy agreements and terms of service. For example, one study by the Helsinki University of Technology (pdf) found that less than 2 percent of users actually read through a software agreement while two-thirds of users rarely read such agreements.

Making a violation of such agreements a crime would allow prosecutors the ability to investigate nearly any Internet user, Scott Greenfield, a criminal defense attorney, stated in an online analysis.

"Violating a website's 'TOS' is carte blanche to an imaginative prosecutor," Greenfield said. "We are all felons if this flies."

Attorneys interviewed for this article believed that the charges in the indictment will be dismissed. GWU's Kerr described at least two major hurdles for the government's case: a great many people regularly violate terms-of-service agreements and the defendant Drew likely did not set out to violate the TOS.

In his own brief analysis, Daniel Solove, an associate law professor, also at GWU, agreed that the government's case will be difficult to argue.

"While Drew's (alleged) conduct is immoral, it is a very big stretch to call it illegal," Solove said.

A call to Drew's attorney, H. Dean Stewart, requesting an interview was not returned.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.