1996-04-23 - Re: Bernstein ruling meets the virus law

Header Data

From: Bruce Marshall <brucem@wichita.fn.net>
To: cypherpunks@toad.com
Message Hash: 651c7dbe5e35d5c12b0dffc21ff75e4b7d1097821d17269df10c6dfd748bd455
Message ID: <Pine.BSI.3.91.960422151102.19963B-100000@wichita.fn.net>
Reply To: <Pine.SCO.3.91.960422142653.7158C-100000@grctechs.va.grci.com>
UTC Datetime: 1996-04-23 01:34:08 UTC
Raw Date: Tue, 23 Apr 1996 09:34:08 +0800

Raw message

From: Bruce Marshall <brucem@wichita.fn.net>
Date: Tue, 23 Apr 1996 09:34:08 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.SCO.3.91.960422142653.7158C-100000@grctechs.va.grci.com>
Message-ID: <Pine.BSI.3.91.960422151102.19963B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Apr 1996, Mark Aldrich wrote:

> On Mon, 22 Apr 1996, Bruce Marshall wrote:

> >      Several other countries have very similiar laws.  However, I had 
> > heard a somewhat unproven rumor that a U.S. state had actually made the 
> > writing of programs with malicious purposes illegal.  Basically meaning 
> > that if you write a virus you have committed a crime.  Like I said 
> > though, this was just a statement in a message so I can't vouch for the 
> > accuracy.

> But, define "malicious purpose."  One man's low-level format is another 
> man's desired application of the moment.

    There usually is a pretty apparent line between authorized and 
unauthorized functions in regards to computer programs.  I don't think 
that even Microsoft with their pages of disclaimers could release software 
that, unbeknownst to its user, destroyed data.  

> I hate to paraphrase a tired 
> line, but "self-replicating programs don't hurt computers - mean people 
> do."

    I have heard AV people argue that regardless of its purpose 
(malicious/destructive or not) all viruses can be harmful.  Whether this 
is simply running the computer out of memory or using bad system calls that 
result in data loss is irrelevant to them.  I don't quite buy into that 
argument since we can find the same flaws to be inherent in any software we
run.  However, since you haven't really consciously allowed the program to do
whatever it is doing, the person who infected your machine is typically to be
held responsible for unauthorized access at a minimum.

>  The term "virus" connotes a pathogenic quality in the mind of 
> many.  Unfortunately, this tendency continues in the use of the word 
> 'virus' within our community.

    Personally, I can see many useful functions for viruses.  But I find the 
viruses that simply destroy data--which tends to be the majority--to be 
quite boring and childish.  A non-destructive and innovative virus is 
very interesting and comparable to any good software hack in my eyes.

> While I understand that "intent" is something with which lawyers have to 
> contend when they defend or prosecute a case, I don't think that the 
> notion of intent to commit harm extrapolates correctly into the field of 
> virus writing. 

    These were not my thoughts as I was only commenting on a alleged law 
that had been passed.  I agree that we can't look into our crystal ball 
and see whether Mr. McViruswriter had really intended for his virus to 
wipe out part of the Secret Service's computer network.  I would wager 
that if legislators did indeed pass such a law in the U.S., they probably 
were hammered with the same type of anti-virus propaganda that AV people 
always seem to be throwing out.

Bruce Marshall





Thread