RE: [nznog] Crimes Amendment Bill No 6 Now Law
----Original Message---- From: Tony McGregor [mailto:tonym(a)cs.waikato.ac.nz] Sent: Tuesday, 8 July 2003 2:46 PM To: Stephen Andrew Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law
Since access means "make use of any of the resources of the computer system" and "access without authorisation" includes "directly or indirectly" didn't the internet just become illegal?
I have no authorisation to access most of the routers and SNMP gateways my packets went through to get to you.
You can probably get around it using the argument that subsection (2) makes any access at all legal as long as you were given permission to do something first; "(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system. "(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access. Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act). -- Andrew This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way.
How about this; I change the SMTP HELO banner to say something like "I do not give authorisation to send unsolicited email through this system". This would then mean that this text is sent to the SPAMers server before they sent a SPAM. Should they proceed a warning was clearly given saying that authorisation was not given. I hope this stands up in court. I really look forward to laying a criminal charge against SPAMers operatig from NZ. -----Original Message----- From: Stephen Andrew [mailto:Andrew.Stephen(a)nzpost.co.nz] Sent: 8 July 2003 2:56 p.m. To: 'Tony McGregor' Cc: 'nznog(a)list.waikato.ac.nz' Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law ----Original Message---- From: Tony McGregor [mailto:tonym(a)cs.waikato.ac.nz] Sent: Tuesday, 8 July 2003 2:46 PM To: Stephen Andrew Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law
Since access means "make use of any of the resources of the computer system" and "access without authorisation" includes "directly or indirectly" didn't the internet just become illegal?
I have no authorisation to access most of the routers and SNMP gateways my packets went through to get to you.
You can probably get around it using the argument that subsection (2) makes any access at all legal as long as you were given permission to do something first; "(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system. "(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access. Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act). -- Andrew This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way. _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
My new Sendmail greeting line. Please please let this become law. O SmtpGreetingMessage=$j $b You are not authorised to send unsolicited email to this system. Disconnect now if this is your intention. By sending an unsolicited email you may be breaking the Crimes Act of New Zealand, and risking prosecution. -----Original Message----- From: Philip D'Ath [mailto:pid(a)ifm.net.nz] Sent: 8 July 2003 3:05 p.m. To: nznog(a)list.waikato.ac.nz Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law How about this; I change the SMTP HELO banner to say something like "I do not give authorisation to send unsolicited email through this system". This would then mean that this text is sent to the SPAMers server before they sent a SPAM. Should they proceed a warning was clearly given saying that authorisation was not given. I hope this stands up in court. I really look forward to laying a criminal charge against SPAMers operatig from NZ. -----Original Message----- From: Stephen Andrew [mailto:Andrew.Stephen(a)nzpost.co.nz] Sent: 8 July 2003 2:56 p.m. To: 'Tony McGregor' Cc: 'nznog(a)list.waikato.ac.nz' Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law ----Original Message---- From: Tony McGregor [mailto:tonym(a)cs.waikato.ac.nz] Sent: Tuesday, 8 July 2003 2:46 PM To: Stephen Andrew Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law
Since access means "make use of any of the resources of the computer system" and "access without authorisation" includes "directly or indirectly" didn't the internet just become illegal?
I have no authorisation to access most of the routers and SNMP gateways my packets went through to get to you.
You can probably get around it using the argument that subsection (2) makes any access at all legal as long as you were given permission to do something first; "(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system. "(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access. Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act). -- Andrew This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way. _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Tue, 8 Jul 2003, Philip D'Ath wrote:
My new Sendmail greeting line. Please please let this become law.
O SmtpGreetingMessage=$j $b You are not authorised to send unsolicited email to this system. Disconnect now if this is your intention. By sending an unsolicited email you may be breaking the Crimes Act of New Zealand, and risking prosecution.
Wouldn't you have to enshrine in law that MUAs must display HELO/EHLO greetings to users? Normally, nobody would see the greeting. -- Juha Saarinen
At 15:21 8/07/03 +1200, you wrote:
On Tue, 8 Jul 2003, Philip D'Ath wrote:
My new Sendmail greeting line. Please please let this become law.
O SmtpGreetingMessage=$j $b You are not authorised to send unsolicited
to this system. Disconnect now if this is your intention. By sending an unsolicited email you may be breaking the Crimes Act of New Zealand, and risking prosecution.
Wouldn't you have to enshrine in law that MUAs must display HELO/EHLO greetings to users?
Normally, nobody would see the greeting.
Normally nobody reads the fineprint in contracts or EULA's but it's still there :) Which "users" are you refering to anyway ? User X out on the internet sending you a message is usually going to go via their ISP's outgoing mailserver, so they're not connecting to your mailserver anyway. Only their ISP's mailserver will be connecting to your mailserver and "seeing" the HELO response. Of course many spammers go direct to MX so their software would "see" the message, not that its worth much :) Regards, Simon
On Tue, 8 Jul 2003, Simon Byrnand wrote:
Normally nobody reads the fineprint in contracts or EULA's but it's still there :)
Well... you need to have some sort of action from the EULA reader for it to become valid (ie. a click on the button that says "Yes, please, here's my soul and my firstborn").
Which "users" are you refering to anyway ? User X out on the internet sending you a message is usually going to go via their ISP's outgoing mailserver, so they're not connecting to your mailserver anyway. Only their ISP's mailserver will be connecting to your mailserver and "seeing" the HELO response.
Very true. That would invalidate the whole thing, if you spammed via your ISP's mail server. No way to see the greeting. -- Juha Saarinen
Don't forget we are talking about the Crimes act, and in the very first section it says ignoragance is not a defence. For example, if I murder someone but don't look, I can't say that I'm innocent because I didn't see myself committing the crime. I'm clearly giving a warning via the SMTP greeting line. A user claiming they have not seen it is not a defence. -----Original Message----- From: Juha Saarinen [mailto:juha(a)saarinen.org] Sent: 8 July 2003 3:29 p.m. To: Simon Byrnand Cc: nznog(a)list.waikato.ac.nz Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law On Tue, 8 Jul 2003, Simon Byrnand wrote:
Normally nobody reads the fineprint in contracts or EULA's but it's still there :)
Well... you need to have some sort of action from the EULA reader for it to become valid (ie. a click on the button that says "Yes, please, here's my soul and my firstborn").
Which "users" are you refering to anyway ? User X out on the internet sending you a message is usually going to go via their ISP's outgoing mailserver, so they're not connecting to your mailserver anyway. Only their ISP's mailserver will be connecting to your mailserver and "seeing" the HELO response.
Very true. That would invalidate the whole thing, if you spammed via your ISP's mail server. No way to see the greeting. -- Juha Saarinen _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
At 15:37 8/07/03 +1200, Philip D'Ath wrote:
Don't forget we are talking about the Crimes act, and in the very first section it says ignoragance is not a defence.
For example, if I murder someone but don't look, I can't say that I'm innocent because I didn't see myself committing the crime.
I'm clearly giving a warning via the SMTP greeting line. A user claiming they have not seen it is not a defence.
But someone spamming through their ISP's outgoing mailserver *can not* see the HELO/EHLO line of the recipients mailserver. So they *can* claim they havn't seen it. Of course, their own ISP could put something in *their* servers HELO/EHLO to say that spamming isn't acceptable, but thats a different matter. Regards, Simon
On Tue, 2003-07-08 at 15:37, Philip D'Ath wrote:
Don't forget we are talking about the Crimes act, and in the very first section it says ignoragance is not a defence.
For example, if I murder someone but don't look, I can't say that I'm innocent because I didn't see myself committing the crime.
I'm clearly giving a warning via the SMTP greeting line. A user claiming they have not seen it is not a defence.
Ignorance of the law is no defence.
Ignorance of your SMTP greeting line may well be.
The idea of reasonable-ness comes into play.
Can the ordinary person (or even the ordinary sysadmin) be reasonably
expected to read the SMTP greeting line of every server they connect to?
--
Steve Withers
Steve Withers wrote:
Can the ordinary person (or even the ordinary sysadmin) be reasonably expected to read the SMTP greeting line of every server they connect to?
Is there even any MUA that displays it, allows you to read it, and confirm, before sending the mail.
On Tue, 8 Jul 2003, Jeremy Brooking wrote:
Is there even any MUA that displays it, allows you to read it, and confirm, before sending the mail.
Time to develop one that pops up an: "AGREEMENT TO SEND EMAIL TO $MTA" dialogue... -- Juha Saarinen
-----Original Message----- From: Philip D'Ath [mailto:pid(a)ifm.net.nz] My new Sendmail greeting line. Please please let this become law.
O SmtpGreetingMessage=$j $b You are not authorised to send unsolicited email to this system. Disconnect now if this is your intention. By sending an unsolicited email you may be breaking the Crimes Act of New Zealand, and risking prosecution.
<Pedantic mode on> Um, isn't all email that isn't a reply or in response to a direct request "unsolicited"? Did you just miss out "commercial" or is the entire law (I'm not up with the play ATM) referring to "Unsolicited email"? Cheers - Neil G
At 15:04 8/07/03 +1200, Philip D'Ath wrote:
How about this; I change the SMTP HELO banner to say something like "I do not give authorisation to send unsolicited email through this system".
This would then mean that this text is sent to the SPAMers server before they sent a SPAM. Should they proceed a warning was clearly given saying that authorisation was not given.
I hope this stands up in court. I really look forward to laying a criminal charge against SPAMers operatig from NZ.
Is there much spam originating in NZ though I wonder ? Apart from the odd cases mentioned here *ahem* and open relays / proxies, I don't really recall seeing any that weren't already mentioned in NZNOG, or werent simply cases of overseas spammers making use of NZ open relays/proxies etc.... and in the latter case who are you going to lay a complaint against ? I'm sure no doubt there are cases, but it must be a tiny trickle in the overall flood of crap that comes from overseas.... :) Regards, Simon Byrnand iGRIN Internet
Is there much spam originating in NZ though I wonder ? Apart from the odd cases mentioned here *ahem* and open relays / proxies,
There was a good case of Spam this morning sent out to 100's of people (not usnig BCC).. All they had to say was: "Please accept my apologies for deluging you with emails. We have experienced a problem which has now been fixed.... but this unfortunately means that you have been inconvenienced in the meantime. It has all turned to custard and the technology has run away with itself in a big way!. There will not be a repeat performance and I am very, very sorry for the annoyance." Thanks Craig
Me too.
Could be interesting thing to deal with.
Edward
EdanNET
----- Original Message -----
From: "Philip D'Ath"
Since access means "make use of any of the resources of the computer system" and "access without authorisation" includes "directly or indirectly" didn't the internet just become illegal?
I have no authorisation to access most of the routers and SNMP gateways my packets went through to get to you.
You can probably get around it using the argument that subsection (2) makes any access at all legal as long as you were given permission to do something first; "(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system. "(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access. Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act). -- Andrew This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way. _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
I don't see why you need to have a banner at all. After all, if you haven't granted authorisation to spamers how can they argue they have access? On Tue, 8 Jul 2003, Philip D'Ath wrote:
How about this; I change the SMTP HELO banner to say something like "I do not give authorisation to send unsolicited email through this system".
This would then mean that this text is sent to the SPAMers server before they sent a SPAM. Should they proceed a warning was clearly given saying that authorisation was not given.
I hope this stands up in court. I really look forward to laying a criminal charge against SPAMers operatig from NZ.
-----Original Message----- From: Stephen Andrew [mailto:Andrew.Stephen(a)nzpost.co.nz] Sent: 8 July 2003 2:56 p.m. To: 'Tony McGregor' Cc: 'nznog(a)list.waikato.ac.nz' Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law
----Original Message---- From: Tony McGregor [mailto:tonym(a)cs.waikato.ac.nz] Sent: Tuesday, 8 July 2003 2:46 PM To: Stephen Andrew Subject: RE: [nznog] Crimes Amendment Bill No 6 Now Law
Since access means "make use of any of the resources of the computer system" and "access without authorisation" includes "directly or indirectly" didn't the internet just become illegal?
I have no authorisation to access most of the routers and SNMP gateways my packets went through to get to you.
You can probably get around it using the argument that subsection (2) makes any access at all legal as long as you were given permission to do something first;
"(1) Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.
"(2) To avoid doubt, subsection (1) does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access.
Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act).
-- Andrew
This email with any attachments is confidential and may be subject to legal privilege. If it is not intended for you please reply immediately, destroy it and do not copy, disclose or use it in any way.
_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
---------------------------------------------------------------------------- Tony McGregor Mail: T.McGregor(a)cs.waikato.ac.nz Department of Computer Science Phone: +64 7 838 4651 Waikato University Fax: +64 7 858 5095(w) +64 7 825 5047(h) Private Bag 3105 Home: +64 7 825 5040 mobile: (021)313004 Hamilton, New Zealand www: http://www.cs.waikato.ac.nz/~tonym ----------------------------------------------------------------------------
Presumably this means privelege escalation is legal. By putting up a public web/mail/router service you are implying authorised access for some purpose (viewing a web page, sending an email, making packets go from A to B) thus /any/ use is now legal (as long as it it not dishonest by the terms of the act).
I don't see anything in the act that says making an unsecured service availiable implies authorisation. It seems to me (not that I'm a lawer) that the intent of the act is to make such access illegal, in the same way as it's illegal for you to take things from my house, even if I leave to door open.
participants (10)
-
Craig Whitmore -
Edward Yardley -
Jeremy Brooking -
Juha Saarinen -
nznog@neilnz.com -
Philip D'Ath -
Simon Byrnand -
Stephen Andrew -
Steve Withers -
Tony McGregor