On Tue, 3 Feb 2004 Daniel.Capo@tco.net.br wrote: > Christian Vogel wrote: > What concerns me most is that not one objection I received addressed the > point I made. I spoke of the _legal_ definition of "hacking", and all > people came up with was disagreement based on their own personal > feelings on the matter. While you are probably somewhat justified in the lack of discussion on your "legal definition" of "hacking", you must bear in mind that in the US legal system interpretation by the courts is as (more?) important than what is written. I certainly appreciated your bringing this definition into the discussion, as it was quite eye-opening. But as you comment, this is not a field you specialize in, and so it is unclear how correct your interpretation is (and I suspect that very few bugtraq readers are any better qualified). As was once commented in a seminar for IT techs about copyrights, there are only nine people in the country that know what the copyright law means in any particular case, referring to the justices of the Supreme Court. (And actually, there are probably only five, as it needn't be an unanimous decision:) I certainly dislike the phrasing of the legal definition that you provided (I did not verify your statement, nor check for other possible legal definitions, but am trusting your research). However, I suspect even with that definition the interpretation has quite a bit of play. I doubt it would be considered hacking on my part if I visited www.whitehouse.gov, clicked a seemingly innocuous link, and received top secret information, even though by an extremely strict reading of your definition it would be. If we change that to I randomly try www.whitehouse.gov/topSecret.html, which is not linked to another page anywhere, the matter becomes slightly gray (after all, the name topSecret in the URL suggests that they do not want it universally distributed. I suspect the fact that it is on a web server without any protection would more strongly suggest that it was for universally distributed). An unprotected SMB share is a very gray area, and personal opinions become quite relevant even from a legal standpoint (again, perhaps only the personal opinions of the nine Supreme Court justices, but personal opinions nonetheless). The fact that the Rep sysadmin informed the Dem counterpart of the "security hole" suggests that the Republicans were aware that the material was not meant for public display. The fact that the hole was not patched in a timely manner afterwards, however, might suggest that it was (or at least that was not considered sensitive). > > Excuse me, but personal feelings in this matter is irrelevant. People > objected to the press applying the term "hacking" to what happened, and > I pointed out that their usage was correct according to the law, > assuming their portrayal of the events was accurate. The press is not constrained to using the legal definition, and indeed I would expect the usage was meant to be the more everyday usage. If the case went to court, and the Republicans were found not guilty of the hacking charge and launched a suit against the press for libel/slander (I think there is a slight legal distinction between the two, but I do not recall which is appropriate for this case), I suspect the press will quite quickly state they were using the more vernacular definition of "hacking" and not a legal definition. I feel that the use of the term "hacking" was a bit sensationalist on the part of the press, and my reading of the quotes given of the headlines, etc. did not make it sound like they were intending a legally precise usage. That, of course, is merely an opinion. I would even venture to say that it is an opinion which may be dismissed simply because I follow bugtraq; after all, it can reasonably be claimed that bugtraq readers have jargonized the term "hacking" to the point where it is different from the general public usage. There was once (still is?) a group of IT folk who would have vehemently objected to the use of "hacking" in reference to any unethical behavior, insisting that the proper term is "cracking" (a "hacker" simply being a computer enthusiast who does elegant/tricky things). . And indeed, Tom Payerle Dept of Physics payerle@physics.umd.edu University of Maryland (301) 405-6973 College Park, MD 20742-4111 Fax: (301) 314-9525
