[prev in list] [next in list] [prev in thread] [next in thread]
List: security-basics
Subject: Re: Botmasters/Victims and DMCA
From: Viva Colombia <vivacolombia2005 () gmail ! com>
Date: 2009-09-22 18:06:43
Message-ID: b08c14ee0909221106s857004bl646e07a3c5eced99 () mail ! gmail ! com
[Download RAW message or body]
Shailesh, just to make one thing clear: prosecuted under criminal law,
tried under civil law; prosecuted for having commited a crime, tried
for causing damage or harm to a third party.
Although it would indeed be funny to find a botmaster that would aim
at being eligible for DMCA's safe harbor provisions, it still is an
interesting starting point for further legal analyses.
And my paper is being at first drafted in Spanish, hopefuly I'll have
the time to translate it and send it over in English...
Carlos Alvarez
On Fri, Sep 18, 2009 at 11:36 AM, Shailesh Rangari
<shailesh.sf@gmail.com> wrote:
> Hmm that was a real eye opener for me. I personally was completely unaware
> about this fact that one could still be prosecuted under civil law, if not
> criminal law.
>
> This is more of an after thought and I'm not sure if you would find this
> interesting or relevant. But anyways I'll still mention it.
> In Information Security per se, 'Externalities' play a significant role in
> how risks are assessed, how policies are formulated and how violations are
> dealt with. For example, the practice of being a 'good netizen' on the WWW
> still remains somewhat under appreciated. As a thumb rule most individuals
> would put their antivirus on an autopilot mode and would never bother to
> check its logs until the unthinkable happens. So if they were an vector for
> infection to their WWW neighbor's it is an irrelevant, insignificant and at
> times a trivial detail to them. In the classical economist perspective this
> behavior is often attributed to 'Externalities'.
> Though I'll leave it for the attorneys to interpret and the courts to decide
> whether or not Botmasters can be categorized as service providers, I
> personally opine that they can be termed as ISP's as per Sec. 512(a),(b) and
> maybe even Sec. 512(c) of DMCA.
> And pertaining to the safe harbor provisions, Botmasters do follow a written
> & published policy and nor do they inform their victims of their terms of
> service. So I can see at least one reason (thankfully) why Botmasters cannot
> invoke the safe harbor provision(s). Think you can see the irony in this
> statement.
> Your paper seems to have quite an interesting scope. Because I'm also a
> Graduate Student in Information Security, I would be interested in knowing
> how this spans out.
> Regards,
> Shailesh
> On Wed, Sep 16, 2009 at 3:01 PM, Viva Colombia <vivacolombia2005@gmail.com>
> wrote:
> >
> > Regarding what Shailesh kindly replied, I believe I must note here
> > that in civil law countries (as opposite to case law countries such as
> > the US), the owner of a computer that has been compromised in a botnet
> > might be held liable for the damages that his lack of diligence or his
> > negligence (that are two different concepts) cause to third parties
> > when it results in him not securing his machine as others in his same
> > circumstances would have reasonably done so: if that person is a
> > "pater familias" (a home user) then he should protect his home
> > computer in the same way a caring father would, in order to truly
> > protect the privacy of those he loves the most and to protect his
> > other valuable assets, such as his financial information and the like.
> > And, if that person was any one of you, security experts, then he
> > would have had to secure his computer according to widely accepted
> > standards of security. That person could theoricaly, at least, be
> > bound to repay third parties affected due to the activities conducted
> > through his/her computer thanks to his/her lack of diligence or
> > negligence.
> >
> > It would not be a crime thus this person would not be prosecuted. It
> > would be a civil matter.
> >
> > The case I'm pointing out here is one in which the botmaster is
> > accused of piracy committed through the botnet, among other crimes;
> > and theoricaly imagining if it would be possible to try legal action
> > against any person if, for example, it was one of you who did not
> > secure its network appropriately, according to widely accepted
> > standards (or according to your employer's policies, if given).
> >
> > So far, I think I can conclude that the botmaster could indeed be
> > taken for a service provider; still it would be funny to think of a
> > botmaster fulfiling the requirements service providers must comply
> > with in order to be eligible to the safe harbor provisions within the
> > DMCA. But this is a good starting point for other theorical scenarios.
> > And with regards to the victim, as soon as I find an answer or further
> > develop my conclusions I'd let you know!
> >
> > If there are any further opinions I'd be more than glad to receive them...
> > > )
> >
> >
> >
> > On Tue, Sep 15, 2009 at 9:15 PM, Lane Christiansen <lanec42@gmail.com>
> > wrote:
> > > On Tuesday 15 September 2009 10:09:40 am Viva Colombia wrote:
> > > > Hi all, my question (for a legal paper that I'm writing) is whether a
> > > > botmaster and a person whose computer has been recruited in a botnet
> > > > can be considered as service providers, according to the broader
> > > > definition of service provider provided by 17 USC§512(k)(A-B). I've
> > > > found court decisions and some opinions, but none refer to botmasters,
> > > > they would only allow me to conclude that if theirs is an IRC botnet
> > > > and they provide, for example, chatting services through their command
> > > > & control bots, then they would indeed be service providers as per the
> > > > DMCA; but I found nothing related to whether peers in P2P botnets or
> > > > networks can be taken as service providers, bearing in mind that they
> > > > are used as storing devices and communications or transmittal nodes.
> > > >
> > > > I'm trying to analyze whether they could be held liable for violations
> > > > of the Copyright Act when said violations take place through and
> > > > thanks to the botnets and thanks to the negligence of the owner of the
> > > > infected machine (who did not protect it appropriately), and if they
> > > > two could successfully use the safe harbor provisions on their behalf.
> > > >
> > > > I hope I'm not too confusing...
> > > >
> > > > Thx!
> > > I can't comment on this (IANAL), but I'd be very interested in reading
> > > your
> > > paper - it'd be awesome if you could post it here when you're finished!
> > >
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate. We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
> >
>
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL \
certificate. We look at how SSL works, how it benefits your company and how your \
customers can tell if a site is secure. You will find out how to test, purchase, \
install and use a thawte Digital Certificate on your Apache web server. Throughout, \
best practices for set-up are highlighted to help you ensure efficient ongoing \
management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic