[rohrpost] US legal bug stops legal public domain scanner
knowbotic.research
krcf@khm.de
Sat, 11 May 2002 18:34:51 +0200
CRACKED ..Minds of concern::breaking news...CRACKED
CRACKED at http://unitedwehack.ath.cx
CRACKED public domain scanner http://unitedwehack.homeunix.net/minds3/
The authority of the Internet service provider of the New Museum in NY
stopped yesterday the
Public Domain Scanner, an installation and web project in the exhibition
Open_Source_Art_Hack
(http://netartcommons.walkerart.org)
The public domain scanner has portscanned worldwide the servers of several
hundred NGOs and media activists.
It has published the analysed security lacks of the scanned servers, but
hides the net.adresses of the scanned
organisations and net actors.
http://unitedwehack.ath.cx ( mirror site in Cologne with some legal bugs,
no active scanner any more)
Here is the outline of the contestation:
Port scanning is legal:
Port scanning is a frequently used tool in network security analysis,
involving examination of a remote computer without accessing its programs
or data. The port scan used in Public Domain Scanner do not test login
passwords, create a significant amount of traffic, or access or alter any
data on the scanned computer. In that sense, a port scan is similar to
observing a house from across the street, and perhaps knocking on its front
door, but not entering even if the door is opened.
Only one published opinion has considered the legality of port scans. That
court held that such activity did not violate federal or state computer
protection statues or other law. The federal district court for the
Northern District of Georgia held that a party who conducted port scans of
another party's computer systems did not violate the Computer Fraud and
Abuse Act (18 U.S.C. s. 1030) [1], because he neither caused damaged nor
gained access to the computers at issue. Moulton v. VC3, 2000 WL 3331091 at
*6 (N.D. Ga., Nov. 7, 2000). Nor did the port scans violate state law,
because they did not interfere with computer or network activity.
References:
[1] The Computer Fraud and Abuse Act:
<http://www.usdoj.gov:80/criminal/cybercrime/1030_new.html>
[2] Moulton v. VC3, 2000 WL 3331091 (N.D. Ga., Nov. 7, 2000)
[3] Computer Crime and Intellectual Property Section, U.S. Department of
Justice, Legislative Analysis of the 1996 National Information
Infrastructure Protection Act:
<http://www.usdoj.gov:80/criminal/cybercrime/1030_anal.html>
[4] Computer Crime and Intellectual Property Section, U.S. Department of
Justice, Field Guidance on New Authorities That Relate to Computer Crime
and Electronic Evidence Enacted in the USA Patriot Act of
2001<http://www.usdoj.gov:80/criminal/cybercrime/PatriotAct.htm>
Knowbotic Research to Provider:
Knowbotic Research got informed that you want the New Museum to shut down
our server inside their network.
Could you please inform me what are the reasons for this decision? We got
informed that there was only one complaint until now
from an ISP concerning our Public Domain Scanner.
The museum has informed this ISP about the art project and as far as I
know this ISP showed afterwards sympathy for this project which does not
obscure security issues in the network and provides a transparent plattform
for this topic inside the artworld.
Is this one complaint the full reason to stop our project?
Provider:
As you can see at our Acceptable Use Policy AUP, running security software,
scans against machines you do not have permission to run them against
cleary violates a number of provisions of our Acceptable Use Policy.
We are required by our upstream providers to carry these clauses, and can
lose our access if we do not enforce them. I assure you, our enforcement of
the AUP is nondiscriminatory, based soley on the nature of the violations,
not the motives behind them.
Once again, let me repeat that this decision is based soley upon our
contractual obligations to our upstream providers, and the desire to
protect our reputation as a responsible ISP. In no way are we making any
claims as to the artistic merits of the project.
Knowbotic Research: These provokes the question: Who is the net.constituent
behind the upstream provider?
Open Law expert:
Your experience here is actually a very interesting part of the project. It
demonstrates how private parties can exert control of the public domain
well beyond what the law requires. Even with institutional support for your
installation, you are often at the mercy of other economic actors -- the
ISPs whom the museum and you depend on for connectivity, who in turn depend
upon higher-up ISPs to preserve their connections to the Internet. Any
player in this chain has the ability to break the connection and prevent
you from displaying and contributing to the public discussion, based on its
own feelings, contracts, and interpretations of the law, before any judge
is called in to determine whether the activity is legal.
Curator Steve Dietz:
The fact that Minds of Concern is potentially undermined by the legal
system in the form of a standard or "shrinkwrap" license the New Museum has
with its ISP is not insignificant. It is precisely a legal bug and the
strategy by which so much of the public domain in the U.S., at least,
escapes Constitutional and other legal protections by entering into
[voluntarily?] contractual agreements that void and/or supercede these
supposed rights.
Commment Mailing List Lachlan Brown:
Indeed, the distinction between assumed rights and legal guarantee of
rights, public and private, residesin an interstitial state. Not a 'grey
area' to be filled in between the public and private by new conditions for
cyber' space, but a contest in which like a Venn Diagramme the public and
private vie over the terrain they both occupy.
Add to this the interests of several dozen States, thousands of public
service institutions hundreds of thousands of companies and millions of
users, well... . What would we call it? War? Wrestling? or Seduction? A
Million times a million contests. Cultural confusion.These webs of the law
are durable and have easy translation to the new media distributive
terrain. Despite word play or administrative/bureaucratic assumptions of
power. The really interesting fact is that States, institutions, companies,
individuals, but not collectivities like artists, writers, coders, primary
producers and so on, are beginning to 'stand-off' this terrain. We might,
after all, consider a return to the question of the aesthetic, and then of
policy, and thenof law over several years. It will become clear as we do so
that we NEED insitutions, new institutions perhaps, that are able to host
the work you do.