home *** CD-ROM | disk | FTP | other *** search
- Path: senator-bedfellow.mit.edu!dreaderd!not-for-mail
- Message-ID: <computer-virus/alt-faq/part3_953842042@rtfm.mit.edu>
- Supersedes: <computer-virus/alt-faq/part3_952514862@rtfm.mit.edu>
- Expires: 21 Apr 2000 20:07:22 GMT
- References: <computer-virus/alt-faq/part1_953842042@rtfm.mit.edu>
- X-Last-Updated: 2000/02/29
- Organization: none
- From: George Wenzel <gwenzel@telusplanet.net>
- Newsgroups: alt.comp.virus,comp.virus,alt.answers,comp.answers,news.answers
- Followup-To: alt.comp.virus
- Subject: [alt.comp.virus] FAQ Part 3/4
- Approved: news-answers-request@MIT.EDU
- X-no-archive: yes
- Originator: faqserv@penguin-lust.MIT.EDU
- Date: 23 Mar 2000 20:09:06 GMT
- Lines: 312
- NNTP-Posting-Host: penguin-lust.mit.edu
- X-Trace: dreaderd 953842146 2960 18.181.0.29
- Xref: senator-bedfellow.mit.edu alt.comp.virus:101520 comp.virus:30978 alt.answers:47998 comp.answers:40197 news.answers:180076
-
- Archive-name: computer-virus/alt-faq/part3
- Posting-Frequency: Fortnightly
- URL: http://www.sherpasoft.org.uk/acvFAQ/
- Maintainer: Co-maintained by David Harley, Bruce Burrell, and George Wenzel
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- alt.comp.virus (Frequently Asked Questions)
- *******************************************
-
- Version 1.1 : Part 3 of 4
- Last modified 19th August 1999
-
-
- ("`-''-/").___..--''"`-._
- `6_ 6 ) `-. ( ).`-.__.`)
- (_Y_.)' ._ ) `._ `. ``-..-'
- _..`--'_..-_/ /--'_.' ,'
- (il),-'' (li),' ((!.-'
-
-
-
- ADMINISTRIVIA
- =============
-
- Disclaimer
- - ----------
-
- This document is an honest attempt to help individuals with computer
- virus-related problems and queries. It can *not* be regarded as being
- in any sense authoritative, and has no legal standing. The authors
- accept no responsibility for errors or omissions, or for any ill effects
- resulting from the use of any information contained in this document.
-
- It should not be assumed that this document is up-to-date in all
- respects.
-
- Not all the views expressed in this document are those of the maintainers,
- and those views which *are* those of the maintainers are not necessarily
- shared by their respective employers.
-
- Copyright Notice
- - ----------------
-
- Copyright on all contributions to this FAQ remains with the authors
- and all rights are reserved. It may, however, be freely distributed
- and quoted - accurately, and with due credit. B-)
-
- It may not be reproduced for profit or distributed in part or as a whole
- with any product or service for which a charge is made, except with
- the prior permission of the copyright holders. To obtain such permission,
- please contact one of the co-maintainers of the FAQ.
-
- David Harley <D.Harley@icrf.icnet.uk>
- George Wenzel <gwenzel@telusplanet.net>
- Bruce Burrell <bpb@umich.edu>
-
- [Please check out the more detailed copyright notice at the beginning
- of part 1 of the FAQ]
-
- - ------------------------------------------------------------------------
-
- TABLE OF CONTENTS
- *****************
- ++ See Part 1 of this FAQ for the full Table of Contents
-
- Part 3
- ------
- (13) What are the legal implications of computer viruses?
-
- (13) What are the Legal Implications of Computer Viruses?
- =========================================================
-
- **********************************************************************
- The material in this section has no formal legal standing. It consists
- of several persons' attempts to interpret and clarify the legal
- issues, and cannot possibly be authoritative. If you want bona-fide
- legal advice, seek a qualified lawyer.
-
- This section hasn't been updated in a good while, and isn't likely
- to be in the near future, so it can't possibly be more than a rough
- guide to the issues.
- **********************************************************************
-
- Overview
- - --------
-
- It isn't possible to deal briefly with all the relevant legislation in
- one country, let alone all of them. In the USA, local statutes may be
- much more rigorous than federal legislation, which is, arguably, more
- concerned with computers in which the government has an interest than
- it is with those belonging to individuals.
-
- In many countries, writing of viruses is not an offence in itself,
- whereas in others, not only is this not the case, but distribution,
- even the sharing of virus code between antivirus researchers is,
- at least technically, also an offence.
-
- Once a virus is released 'into the wild', it is likely to cross
- national boundaries, making the writer and/or distributor answerable
- for his/her actions under a foreign legal system, in a country
- he/she may never have visited.
-
- Where virus writing and distribution may not apply locally in a
- particular case, the individual may nevertheless be subject to
- civil action: in other words, where you may be held to have
- committed no offence, you may still be sued for damage.
-
- Some of the grounds on which virus writing or distribution may be
- found to be illegal (obviously I'm not stating that all these grounds
- will apply at all times in all states or countries!) include:
-
- * Unauthorized access - you may be held to have obtained unauthorised
- access to a computer you've never seen, if you are responsible for
- distribution of a virus which infects that machine.
- * Unauthorized modification - this could be held to include an infected
- file, boot sector, or partition sector.
- * Loss of data - this might include liability for accidental damage as
- well as intentional disk/file trashing.
- * Endangering of public safety
- * Incitement (e.g. making available viruses, virus code, information
- on writing viruses, and virus engines)
- * Denial of service
- * Application of any of the above with reference to computer systems or
- data in which the relevant government has an interest.
-
- Since the law does vary widely from country to country (and even
- within countries), it is entirely possible for one to break
- the law of another country, state, province, or whatever, without ever
- leaving your own, and since extradition treaties do exist, perhaps it's
- best to assume that any act that might be construed as being or causing
- wilful and malicious damage to a computer or computer system could
- get you a roommate with undesirable tendencies and no social graces. :)
-
- The best advice to give to any one contemplating a possibly illegal act
- would be to contact their local Crown Prosecutor, Crown Attorney,
- District Attorney, or whatever label the local government prosecutor
- wears. Acting on the advice of one's own attorney doesn't render one
- immune from prosecution, and the cost of defence can be high, even if
- successful.
-
- An extremely biased opinion is that very often attorneys attempt to
- provide the answer they believe the client wishes to hear, or give an
- opinion in areas where they have no real expertise. Prosecutors, on
- the other hand, tend to look at a particular action in the light of
- whether a successful prosecution can be mounted. If the local Crown
- Prosecutor were to suggest that something was a Bad Thing, I should be
- extremely nervous about doing it. :)
-
- USA & Canada
- - ------------
-
- The following is an interpretation of the laws in the USA and
- Canada, and has no legal standing as an authoritative document in
- those countries or any other. Relevant legislation in other parts of
- the world may be very different and in some cases far stricter.
-
- Many thanks to David J. Loundy for his assistance with the legalities
- regarding computer crime. A valuable source of information on this
- topic can be found in his E-Law paper, which can be accessed
- via the URL:
-
- http://www.Loundy.com/E-LAW/E-Law4-full.html
-
- It is illegal in both the USA and Canada to damage data within
- a computer system which is used or operated by the
- government. This means that if you write a virus, and it
- eventually infects a government system (highly probable),
- you are in violation of the law. Inclusive in this category
- are damages incurred due to computer stoppages (i.e.
- writing a virus that causes a computer to crash or become
- unusable), and viruses that destroy data.
-
- The question regarding the writing of malevolent computer
- viruses being illegal isn't really that hard to answer: It is
- illegal to write and spread a virus that infects a government
- system. Federal law is unclear as to whether this extends to
- private computer systems as well, but State statutes are frequently
- unequivocal about defining virus-related crimes against property.
-
- The question has come up, however, about the distribution
- of viruses and virus-related programs. A general guideline
- is that it is legal to distribute viruses, for example, on a BBS,
- as long as the people who are downloading the virus know
- EXACTLY what they are getting. If you intentionally infect a
- file and make it available for downloading, you may be
- subject to prosecution. Your conscience should be your
- guide in this kind of a situation. If a virus distributed by you
- is used to damage or otherwise modify a major system, you can be
- held accountable.
-
- Note that there are different kinds of distribution for viruses.
- If you simply make a virus available on a web page, and clearly
- label it as such, then you are unlikely to face any (criminal)
- consequences. The possibility exists, however, that you could
- be charged under "incitement" laws - in other words, it could
- be argued that distributing viruses on web pages (even if clearly
- labeled as such) amounts to inciting other people to use the
- viruses to break laws.
-
- If you distribute the virus via newsgroups, however,
- you may be held liable. Distributing viruses via newsgroups, e-mail
- lists, and the like can lead to prosecution because these media 'push'
- viruses to people who would otherwise not want them on their systems.
- This is not the case with simply placing a virus on a web page (provided
- your ISP doesn't have problems with it). Keep in mind, however, that
- an ISP's stance on viruses can change quickly if negative publicity
- comes about due to their inaction in removing the viruses on their
- systems.
-
- The reason that the explanations in this section are vague
- is that the laws in various states, provinces, etc., are
- different, and you should check with your local police before
- you decide you want to distribute viruses.
-
- If you spread a virus unknowingly, you generally cannot be
- prosecuted unless it can be proven that you spread the
- virus due to pure carelessness. The definition of
- carelessness has not been tested in a court of law, as
- far as I know at the date of writing (9/22/95)
-
-
- The Canadian Criminal Code
- - --------------------------
-
- Please bear in mind that the following information was culled from the
- Criminal Code in 1993 and those sections may have been expanded or
- revised since then, or possibly some computer-specific legislation may
- have been enacted of which we are unaware.
-
- No mention is made in the Code (as of 1993) of computer viruses as such,
- but it would seem that prosecution under Sec. 430 (Mischief) or
- section 342.1 (Unauthorized use of computer) would be appropriate.
-
- Apparently the laws governing trespass have not been considered as
- having any application in cyberspace. Offenders under section 342.1
- would be charged with mischief, which covers a multitude of sins
- under Canadian law. The penalties stipulated in Sec. 342.1 are the
- same as the penalties for sabotage, just as a point of interest.
-
- A prosecutor would probably deal with incitement (i.e. inciting
- somebody else to maliciously use viruses) under Sec. 21 (Parties
- to offence), Sec. 463 (Attempts), or Sec. 465 (Conspiracy).
-
- Sec. 21-24 of the Criminal Code may be of interest because they
- detail aiding and abetting, incitement, and related issues which
- have some application in the realm of viruses.
-
- Under certain circumstances, laws in other countries may be applicable
- in cyberspace, where there are no formal territorial boundaries. For
- instance, Sec. 465 (4) of the Canadian Criminal Code stipulates that every
- one, "while in a place outside Canada" conspires to commit an offence in
- Canada "shall be deemed to have conspired in Canada to do that thing."
-
- The UK
- - ------
-
- In the UK, the Computer Misuse Act makes it a crime to make an
- unauthorised modification on a computer. If you own a computer, you
- can authorise anything you want for that computer, so you can
- spread a virus on a computer you own. A virus makes a modification,
- so if someone deliberately spreads a virus on someone else's
- computer, that's a crime. Giving a virus to someone else isn't a
- crime if it's with his/her knowledge and permission, however. So,
- sending a diskette with a virus on to an AV company, together with
- a note saying "There's a virus on this disk, please investigate it
- for me" is legal.
-
- If an action is a crime, then encouraging that action can also be a
- crime ("incitement").
-
- If you spread a virus unwittingly, then it isn't a crime, as you
- don't have "intent".
-
- If someone is negligent, and so spreads a virus (even unwittingly),
- then there could be a civil action for damages through negligence.
-
- Further Information
- - -------------------
-
- Computer Crime (Icove, Seger, Von Storch) - O'Reilly
- Computer Law & Security Report (periodical) - Elsevier Advanced Technology
-
- Dr. Alan Solomon includes information on Hacking and Virus Laws in the
- UK and elsewhere on his webpage at:
-
- http://www.pcug.co.uk/~drsolly/
-
- The ICSA has details on state computer crime laws:
-
- http://www.icsa.net/icsalaws/
-
- Try also:
-
- http://www.law.cornell.edu/
-
-
- - -----------------------------------------------------------------------
-
- End of a.c.v. FAQ Part 3 of 4
-
- -----BEGIN PGP SIGNATURE-----
- Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
- Comment: PGP Key ID 0xDCC35C75 available on Keyservers
-
- iQCVAwUBN7xpObcpzG7cw1x1AQELYAP/XC7bnLxDZLO46JQNy5SN9Y7nlVbGhzen
- 31HAtN1Xsz2vLaqHV/EUKgFQFz+JFUJY35F24iVGqknZLYu2edyC/tjO/FOAv/kX
- qHOh4mEeXYXEf/AsXck3hrnwDMw3z+DR7lgSqeJzE4bri8DKEDsBrCyuBmE0DmsK
- BpFyL0Jc6ak=
- =ogr9
- -----END PGP SIGNATURE-----
-
-