North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Port scanning legal

  • From: Shawn McMahon
  • Date: Tue Dec 19 19:20:13 2000

On Tue, Dec 19, 2000 at 05:23:27PM -0500, Steven M. Bellovin wrote:
> As always, your mileage may vary.  California law specifically
> states that costs incurred by the victim include
> 	any expenditure reasonably and necessarily incurred by the
> 	owner or lessee to verify that a computer system, computer
> 	network, computer program, or data was or was not altered,
> 	deleted, damaged, or destroyed by the access.
> So checking out a scan might qualify.  As for "access", it's defined as
> 	"Access" means to gain entry to, instruct, or communicate
> 	with the logical, arithmetical, or memory function resources
> 	of a computer, computer system, or computer network

In other words, as written, it means that if you pull up my web page, I can
bill you for my time checking the apache logs to make sure you weren't doing
anything wrong.

And, if you send me email, I can bill you for my time spent making sure it
didn't contain a virus.

I'm thinking that law is easily challenged on the basis of vagueness.

Attachment: pgp00013.pgp
Description: PGP signature