[Dshield] Re: South Carolina, Computer Crime, etc. -- A point of legal clarification.

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Sun Aug 25 15:51:39 GMT 2002


Excellent post! Please accept warm appreciation.

     "Everything must be taken seriously, nothing dramatically."
      Louis Adolphe Thiers (1797-1877); French statesman, historian

From: list-admin at dshield.org [mailto:list-admin at dshield.org] on Behalf
of Jon R. Kibler Sent: Saturday, August 24, 2002 10:05 PM, 
To: list at dshield.org
Subject: Re: [Dshield] Klez any one
> Ed:
> Please RELAX!
> I had the same concerns about this law when it was under discussion
> in the SC Senate Judiciary Committee. However, there is nothing to
> worry about here, so long as you exercise normal due diligence as a
> systems security administrator.   
> Whereas to us lay folks, the scenario you detail would seem to be a
> crime, under the law it would not be considered a crime. Why? Because
> to be prosecuted for a crime in SC, it is the burden of the State to
> show INTENT. In other words, the Solicitor (SC's equivalent to a DA)
> must show that you intended to commit a crime through deliberate
> action or inaction.     
> If someone hacks your systems and then uses it to attack other
> systems, then you did not commit a crime UNLESS it can be shown that
> you "willfully, knowingly, and deliberately" made your system
> available for a third party to use to commit a crime. It would be an
> extremely high burden of proof to show that you intentionally
> facilitated the crime.     
> In legal parlance, as long as you can demonstrate that you have taken
> "reasonable and prudent measures" to protect your systems, then you
> could not subject to prosecution.  
> I have had several rooms full of lawyers, legislators, and law
> enforcement officers all assure me that the law protects all involved
> except for those parties with criminal intent or reckless disregard
> for the law.   
> I hope this helps put your mind at ease...
> Sincerely,
> Jon R. Kibler
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC
>> Subject: Re: [Dshield] South Carolina, Computer Crime, Bell South,
>> and Related Frustrations (I'm as mad as Hell, and I'm not going to
>> take this anymore!) Date: Fri, 23 Aug 2002 18:36:16 -0500 From: "Ed
>> Truitt" <ed.truitt at etee2k.net> Reply-To: list at dshield.org
>> To: <list at dshield.org>
>> References: <3D665243.600A8FBA at aset.com>
>> <B>UNOFFICIAL</B> S.C. Code of Laws Title 16 Chapter 16 -- Computer
>> Crime Act - As Ammended by 2002 Legislative Session
>> <B>UNOFFICIAL</B>I don't know about you, but this scares the hell
>> out of me! 
>> I Am Not A Lawyer, but the way I read this (as a layman) it says
>> that if someone nails my system with Nimda one night, and before I
>> can get to it the next morning it hits a class C network hosted in
>> SC and scans it 10 times, I could be prosecuted for over a
>> half-MILLION felony counts!  And, at $200 per offense, the total
>> fine would be up around $130 MILLION dollars!  Make that a class B
>> network, and the fine is larger than the federal budget deficit for
>> this FY (on the order of 335 BILLION dollars!) 
>> And, if some DA wanted to get particularly anal, if the packets
>> travelled through a ROUTER in SC, could they not classify the router
>> as "anything used to commit the crime" (specifically, as an
>> "accessory" to the crime)? 
>> Once again, our lawmakers manage to take a good concept and screw up
>> the execution, big time.
>> If you don't mind, I have got to research all the SC-based IP
>> addresses, and update my router DENY lists... ;-)
>> Cheers,
>> Ed Truitt
>> PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
>> http://www.etee2k.net
>> http://www.bsatroop148.org
>> "Note to spammers:  my 'delete' key is connected to YOUR ISP.
>>  Also, if you send me UCE, I reserve the right to post your spew
>> on my Web site, with the appropriate color commentary, so that
>> others may have a good laugh at your expense."
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list 

More information about the list mailing list