[NTLUG:Discuss] OT: What constitutes unauthorized access?

[David]

On Sun, Jun 22, 2003 at 11:23:18AM -0500, Steve Baker wrote:
> Seems we could have a better analogy here.

You're focused on the front door.  Trespass has already occured, or
not, by leaving the sidewalk and walking up to the door.

> However, it's not clear in the world of the Internet where those boundaries
> lie.
> 
>   1) If the computer responds to an http request for a page called 
>   'index.html',
>      then there is clearly an expectation that this is an OK thing to do.
> 
>   2) Repeatedly trying random ssh passwords in order to gain root access
>      clearly is NOT an OK thing to do.
> 
> Everywhere between those limits is kinda grey.  Some people have been sued
> for 'deep linking' - which is only half a notch above (1).   Random port
> probing to see what services a computer is offering is seen by some as an
> OK thing to do - and it's only half a notch below (2).

Deep linking is a separate issue, and much more complicated.  It's
usually come to court when commercial website "A" links to commercial
website "B".  In the commercial context, there are other issues
besides trespass, including unfair competition, copyright
infringement, trademark and trade dress infringement, and unjust
enrichment.  The results in those cases aren't necessarily comparable.

> I don't think this is at all a clear matter.

Correct!  For now, caution is still the best policy. 

-- 
David Hayes
david at hayes-family.org