[Dshield] SC Comp Crime Law (WAS: Re: South Carolina, Computer Crime, Bell South, and Related Frustrations...)

Jon R. Kibler Jon.Kibler at aset.com
Tue Aug 27 14:30:24 GMT 2002

I was kinda surprised by the responses and non-responses to my original post... I guess I put too much into my original message to get the feedback I expected. Therefore, please indulge me as I split the original discussion into two different messages. (This is part one.)

The only part of the original post that produced any feedback was regarding the computer crime law itself. The concerns expressed about the new law were the same as most first reactions... "What if someone hacks me and uses my computer to initiate attacks -- Am I now a criminal?" (Short answer: No.)

Two or three years ago, when I first started asking people "What should be considered criminal use/misuse of a computer?" the consensus of opinion seemed to be "As long as it doesn't destroy data, deny service, or disclose confidential information, everything should be legal." When I asked specific questions (on some security news groups) such as "Should port scans be illegal?" or "Should unauthorized sending of mail through open relays be banned?", the responses I received basically labeled me a heretic out to destroy the freedom of the Internet for even suggesting such ideas.

Have times changed so much that everyone now agrees that limits should be placed on activities once considered perfectly acceptable? For example, I remember getting dozens of emails that basically said "Anyone so dumb as to run an open relay mailer deserves all the traffic spammers can shovel through their mailer." Are opinions such as this now dead? (I hope so!)

Looking at SC's Computer Crime Law from a purely technical standpoint, I would appreciate some feedback on a few issues:
   1) Does the law make illegal activities that should be permitted?
   2) Are the definitions, such as what is a "computer" or "data" (etc.) adequate?
   3) What loopholes do you see in the law? (That is, what do you think you could get away with [because of some potential flaw in the law] that the law appears to make illegal?)
   4) Are there activities not covered by the law that should be made crimes?
   5) Should a business be able to recover civil damages for "computer crimes" without first having to obtain a criminal conviction?
   6) Does your state (or country, if not U.S.) define computer crimes not covered under the SC law?
   7) If you were to lobby your state to update its computer crime laws, what parts of the SC law would you like to see included or excluded by your legislature?

Finally, I would like your general opinion of the law: 
   Is it good, bad, or indifferent legislation, and why so? 
   What do you feel are its strengths and weaknesses?

Any other general comments or thoughts on the law? 

We hope to get a couple more changes made to the law in the next legislative session, so any and all feedback on the current law is greatly appreciated.

Thanks for your time and indulgence.

Jon R. Kibler
Systems Architect/Chief Technical Officer
Jon.Kibler at aset.com

Advanced Systems Engineering Technology, Inc.
389 Johnnie Dodds Blvd., Suite 205
Mt. Pleasant, SC 29464-2969  (Charleston)

Phone:  (843) 849-8214
Fax:    (843) 849-8215

More information about the list mailing list