Hack a Day » law

Do your projects violate International Traffic in Arms Regulations?

Mike Szczys — Tue, 12 Apr 2011 16:01:02 +0000

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

Filed under: security hacks

SparkFun gets a cease and Desist

Caleb Kraft — Fri, 23 Oct 2009 19:30:13 +0000

[Nate] over at SparkFun Electronics has posted a cease and desist letter he received from SPARC industries. Apparently their legal department feels that his name is close enough to theirs to ignite a legal battle. They are demanding that he transfer his domain to them immediately to extinguish the flames. This all seems a bit silly, his name isn’t really at all like theirs and his product isn’t similar either. To add to the peculiarity of this, going to their site throws up a big red malware warning for us (in chrome).

[thanks IraqiGeek]

Posted in news

Botnet attack via P2P software

Juan Aguilar — Sun, 29 Jun 2008 07:30:00 +0000

P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though, the first botnet created by a worm distributed via P2P software surfaced, the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache Worm by offering free downloads of the P2P app Limewire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked with around 15,000 bots. [Milmont] has plead guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.

Violating Terms Of Service equals hacking

Juan Aguilar — Wed, 28 May 2008 02:00:00 +0000

A new legal precedent may be set with the case of [Lori Drew], the St. Louis woman who posed as a teenage boy on MySpace and harassed 13-year-old [Megan Meier] until she committed suicide. Drew is being charged under the computer fraud and abuse act, on the grounds that she violated the terms of service agreement of MySpace. If she is convicted of these charges (she is also being charged with conspiracy), it may allow for the criminal prosecution of anyone who violates the terms of service agreement of a site under the same law.

The computer fraud and abuse act was written primarily to target hackers who break into private networks to steal or destroy information, but prosecutors will argue that by willfully violating the MySpace user agreement, Drew’s access to the site was not authorized and thus an illegal intrusion.

The ramifications for a typical user may reach further than website TOS violations though; if for example, you have an unprotected wireless network at home or in your office, it could be a violation of the agreement with your ISP. Right now an ISP could cut your service, but if a new precedent is set, you could be charged with fraud.

If you’re a user of a social network, though, you may already be a guilty of what would be felony offenses. The major social networks all include a clause in their TOS agreements against using libelous, slanderous, or defamatory content. What’s more, if convicted of even one offense, the maximum penalty under the expanded law is 10 years of incarceration. Since Drew is being tried on two counts, she is facing a maximum of 20 years for these charges alone.

The decision to invoke the law has been criticized by many legal experts, suggesting that it creates a slippery slope where even people running a home eBay business or checking sports scores at work can be prosecuted.

[via Acidus]