North American Network Operators Group

Re: Port scanning legal

  • From: Steven M. Bellovin
  • Date: Tue Dec 19 17:26:21 2000

In message <[email protected]>, "Edward S. Marshall" writes:
>
>http://www.securityfocus.com/templates/article.html?id=126
>
>A quick quote from the article:
>
>    A tiff between two IT contractors that spiraled into federal court
>    ended last month with a U.S. district court ruling in Georgia that
>    port scanning a network does not damage it, under a section of the
>    anti-hacking laws that allows victims of cyber attack to sue an
>    attacker.
>
>    Last week both sides agreed not to appeal the decision by judge Thomas
>    Thrash, who found that the value of time spent investigating a port
>    scan can not be considered damage. "The statute clearly states that
>    the damage must be an impairment to the integrity and availability of
>    the network," wrote the judge, who found that a port scan impaired
>    neither.
>
>This may have ramifications for both security professionals and abuse desk
>personnel; this ruling would seem to make it clear that you cannot claim
>time spent investigating abuse issues as damage. The complete finding is
>here:
>
>    http://pub.bna.com/eclr/00434.htm
>
>Any armchair lawyers on the list want to take a crack at this?

As always, your mileage may vary.  California law specifically
states that costs incurred by the victim include

	any expenditure reasonably and necessarily incurred by the
	owner or lessee to verify that a computer system, computer
	network, computer program, or data was or was not altered,
	deleted, damaged, or destroyed by the access.

So checking out a scan might qualify.  As for "access", it's defined as

	"Access" means to gain entry to, instruct, or communicate
	with the logical, arithmetical, or memory function resources
	of a computer, computer system, or computer network

Specific crimes include

	(6) Knowingly and without permission provides or assists
	in providing a means of accessing a computer, computer
	system, or computer network in violation of this section.
	(7) Knowingly and without permission accesses or causes to
	be accessed any computer, computer system, or computer
	network.

Does a port scan "communicate with" the specified part of a computer?

FYI, these are from Section 502 of the California Penal Code, at
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&group=00001-01000&file=484-502.9