[Dshield] Re: South Carolina, Computer Crime, etc. -- A point of legal clarification.
Jon R. Kibler
Jon.Kibler at aset.com
Sat Aug 24 19:04:33 GMT 2002
I had the same concerns about this law when it was under discussion in the SC Senate Judiciary Committee. However, there is nothing to worry about here, so long as you exercise normal due diligence as a systems security administrator.
Whereas to us lay folks, the scenario you detail would seem to be a crime, under the law it would not be considered a crime. Why? Because to be prosecuted for a crime in SC, it is the burden of the State to show INTENT. In other words, the Solicitor (SC's equivalent to a DA) must show that you intended to commit a crime through deliberate action or inaction.
If someone hacks your systems and then uses them to attack other systems, then you did not commit a crime UNLESS it can be shown that you "willfully, knowingly, and deliberately" made your system available for a third party to use to commit a crime. It would be an extremely high burden of proof to show that you intentionally facilitated the crime.
In legal parlance, as long as you can demonstrate that you have taken "reasonable and prudent measures" to protect your systems, then you could not be subject to prosecution.
I have had several rooms full of lawyers, legislators, and law enforcement officers all assure me that the law protects all involved except for those parties with criminal intent or reckless disregard for the law.
I hope this helps put your mind at ease...
Jon R. Kibler
Advanced Systems Engineering Technology, Inc.
> Subject: Re: [Dshield] South Carolina, Computer Crime, Bell South, and Related Frustrations (I'm as mad as Hell, and I'm not going to take this anymore!)
> Date: Fri, 23 Aug 2002 18:36:16 -0500
> From: "Ed Truitt" <ed.truitt at etee2k.net>
> Reply-To: list at dshield.org
> To: <list at dshield.org>
> References: <3D665243.600A8FBA at aset.com>
> UNOFFICIAL S.C. Code of Laws Title 16 Chapter 16 -- Computer Crime
> Act - As Amended by 2002 Legislative Session UNOFFICIAL
> I don't know about you, but this scares the hell out of me!
> I Am Not A Lawyer, but the way I read this (as a layman) it says that if
> someone nails my system with Nimda one night, and before I can get to it the
> next morning it hits a class C network hosted in SC and scans it 10 times, I
> could be prosecuted for over a half-MILLION felony counts! And, at $200 per
> offense, the total fine would be up around $130 MILLION dollars! Make that
> a class B network, and the fine is larger than the federal budget deficit
> for this FY (on the order of 335 BILLION dollars!)
> And, if some DA wanted to get particularly anal, if the packets travelled
> through a ROUTER in SC, could they not classify the router as "anything used
> to commit the crime" (specifically, as an "accessory" to the crime)?
> Once again, our lawmakers manage to take a good concept and screw up the
> execution, big time.
> If you don't mind, I have got to research all the SC-based IP addresses, and
> update my router DENY lists... ;-)
> Ed Truitt
> PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
> "Note to spammers: my 'delete' key is connected to YOUR ISP.
> Also, if you send me UCE, I reserve the right to post your spew
> on my Web site, with the appropriate color commentary, so that
> others may have a good laugh at your expense."