[Dshield] Re: South Carolina, Computer Crime, etc. -- A point of legal clarification.

Mark Rowlands mark.rowlands at minmail.net
Mon Aug 26 05:14:29 GMT 2002


On Sat August 24 2002 21:04, Jon R. Kibler wrote:
> Ed:
>
> Please RELAX!
>
> I had the same concerns about this law when it was under discussion in the
> SC Senate Judiciary Committee. However, there is nothing to worry about
> here, so long as you exercise normal due diligence as a systems security
> administrator.

Heartening words,  but given the level of paranoia in the US about homicidal 
terrorists wielding killer computer virii combined with the generally low 
level of expertise and knowledge of computer technology of the average 
prosecutor, I wouldn't want to rely on what appears to qualify as "normal" 
due diligence.

If you happened to be a foreign national, say of  middle-east extraction, 
residing in the US, operating a computer system in the US and your systems 
are hacked and used to initiate a substantial DDOS against a governmental 
agency, you might be surprised at the definition of normal due diligence that 
is applied to you.

Conclusion:-

Have a written policy, implement it, document that you implemented it, keep it 
up to date and don't  eat yellow snow.




More information about the list mailing list