Date: Sun, 10 Mar 2002 10:16:15 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: "Gary W. Swearingen" <swear@blarg.net>
Cc: Greg Lehey <grog@FreeBSD.ORG>, Brett Glass <brett@lariat.org>, chat@FreeBSD.ORG
Subject: Re: Rejecting spam, accepting valid mail (was: Mail blocked)
Message-ID: <3C8BA2EF.C9C533A8@mindspring.com>
References: <4.3.2.7.2.20020307094130.01f59240@nospam.lariat.org> <4.3.2.7.2.20020306234510.01ee0180@nospam.lariat.org> <4.3.2.7.2.20020306234510.01ee0180@nospam.lariat.org> <4.3.2.7.2.20020307094130.01f59240@nospam.lariat.org> <3cg03ccef4.03c@localhost.localdomain> <4.3.2.7.2.20020307221616.00cb9980@nospam.lariat.org> <20020308190102.B679@sydney.worldwide.lemis.com> <d1lmd1dwzm.md1@localhost.localdomain> <3C8B01B9.D7BE84DC@mindspring.com> <iselisd9zk.lis@localhost.localdomain>

"Gary W. Swearingen" wrote:
> > One of the original crackdowns on crackers, and one that is
> > still used today as one of the charges against them, is
> > wire fraud, by claiming a fraudulent identity, when providing
> > the identity to a remote system.
>
> That's interesting, as it implies that there are hundreds of thousands
> of federal criminals (eg, a big % of usenet posters and hotmail/yahoo
> users) running free. It's worth looking into, though, I suppose.

Only if they are logging in with someone else's credentials, and
thereby claiming to be them, just as you do when you log into an
account over the wires, when the account isn't yours.

> But I'm not certain that the law is using the same meaning of "fraud" as
> you and Greg; it has several meanings, only one of which means a simple
> use of false identity. The other meanings are along the lines of THE
> ONLY dictionary-meaning of "defraud", which has a necessary "in the
> cause of committing theft" component. To accuse someone of defrauding
> people is to accuse him of being a thief. (To accuse someone of being
> a fraud, COULD mean only that he's not using a real identity, though
> it could easily be misunderstood as calling him a thief too.)

This really depends on your contract. At the time, most of the
timeshare and other contracts specified persons permitted to do
the logging in.

> I suspect that the Feds claim of "fraudulent identity" involves some
> round-the-barn consideration that the false identity was used in an
> attempt to steal in some sense. They can probably even make it stretch
> to fit almost every case, by considering a few wasted electrons or
> something and some implied contract that you're offered the use of a web
> form in exchange for entering valid info and entering invalid info is
> somehow stealing the use of the form.

It really has to do with contractual obligations. Though these
days, it's easy to argue that a form entry constitutes a digital
signature, now that digital signatures are legally binding, thanks
to the Clinton presidency. From a cryptographic standpoint, this
shifts the burden of non-repudiation onto the individual, rather
than the company.

This is similar to the shift of the burden for collection of
unsecured loans onto the people taking the loans, rather than on
the people extending credit without security. In the U.S., credit
card loans are now implicitly secured with your personal possessions
(i.e. don't run up credit card bills you can't pay, or they can
take your house, even if you didn't sign a contract which used the
house to collateralize the debt). This also took place in the
Clinton presidency.

I'm not sure how happy I am about someone being able to use my
digital identity in a legally binding way, with the burden of
repudiation being on me, rather than the burden of non-repudiation
being on the other party. It makes individuals responsible for the
costs of fraud committed in their name. Given how easy it is to
steal an electronic identity, it's really obnoxious to see the
changes in the law that did this.

> In your last-mentioned case of "fraudulent identity", it is used to
> obtain (what most will agree would be) stolen services and so such
> crackers ARE defrauding the remote system.

Actually, the "theft of services" is relatively new. In "the old
days", what they were doing was more bound up in tort law, since
the contract for the use of the machine established a value, and
the implicit limitation of users to established identities meant
that the person being defrauded was the person whose account you
were using, and not the company offering the services.

It's a good thing to know who you are harming when you engage in
illegal behaviour; it tends to personalize it, which is a much
better way of discouraging illegal acts than further legislating
against them (English Bobby: "Stop! Or I shall yell ``Stop!''
again!").

> Maybe the argument (Greg's?) would be that if he puts up a message
> ID filter, and I happen to slip past it (or only if I intend to or
> am aware of his filter, maybe?), then I'm using his electrons
> against his will and thus stealing from him. I supposed it'd
> probably win in some courts.

I think you are missing the "intent" component.

SPAM relaying is certainly theft of services. As a mail server
operator, and being located in the state of California, it's
actually possible to collect $50 per message that transits the
server (that'd be one per target, in the case of a fan-out, so
it would be the list membership), up to a total of $25,000, per
incident.

I think that most FreeBSD lists have at least 500 subscribers,
and even if they aren't in California, dragging them into the
California state of venue from outside, at least in the U.S.,
will cost them, and you can always get a court order that
garnishes their income, as a result of the incident.

Plus $25,000 per incident would tend to buy a lot of SMP and
IA-64 and SCSI cards and ... to push the project forward.

-- Terry