Re: D-link problem - is it illegal?



Richard Clayton wrote:
In article <444171de@xxxxxxxxxxxxx>, Dave (from the UK) <see-my-signature@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes


People are citing computer misuse acts.


not many... and they generally don't understand :(


That was my thought as I made clear, but I would like to see a legal opinion on it.

If anyone is legally qualified, and knows for sure whether this would be illegal or not, perhaps they would post a comment at the above site.


or here... there's quite a lot of comments already :) and there is not
the place to explain the crucial difference between criminal and civil
law ... whereas here, the audience is more likely to understand!

Well it is your server, but it might clear up a point. Correct the few that believe it is illegal.

2) This problem was brought to D-Link's attention about 5 months ago. Is failing to address it properly within a reasonable time frame illegal?


of course not (you must be thinking of the penalty of transportation for
life in the Dilatory Actions Bill, which the House of Lords threw out in
1841)...

No, I was not thinking of any specific law that I knew of. But since I am not a lawyer, there may be others I am not aware of.

It would not seem entirely unreasonable in this case.

however, failing to deal with a problem in a timely manner might affect
the quantum of damages in a civil case, should one be successful

The funny thing here is that it is the end-users causing the abuse, not D-Link themselves. With the exception of the routers they use internally for testing, they are not directly causing the abuse.

Their previous engineering decisions have resulted in end-users creating the abuse - that *might* well be a very different thing in law.

3) If you know your D-Link router/WiFi adapter etc. is connecting to a time server it should not, are you breaking any law?


if you knew of the problem, and had been explicitly asked to stop it
from doing that connection, then the server operator could conceivably
sue for damages if you didn't comply... the court would look at the
circumstances (for example, how clear the request was, how trivial it
would be for you to fix the problem) and decide accordingly

Does it really matter how trivial it is for you to fix the problem? Let us say you cannot fix it without switching it off (which I guess is trivial, but will affect you more seriously than the server owner). I don't see how that makes it any more right to continue.

Again, IMNAL.

whether a stratum 1 operator could demonstrate damage from a single D-Link device is more questionable...

Impossible I would think.

compared with sites that generate
two million queries an hour to root name servers, the individual traffic
load of one packet every 30 seconds is pretty small!

What sort of sites would generate two million requests/hour, as a matter of interest?

It seems to me when D-Link wrote the code, they were not aware of the problem.

Agreed. I think that shows a level of incompetence, but not malice.

if you're looking at D-Link's responsibility again (this section of your
questions appeared to be about individual owners) then the question that
a court might look at would be whether they were negligent in not
understanding the NTP server system before sending traffic to it

If by "they" you mean the end-users, then surely it would not be hard for Poul-Henning or one of the other server owners to construct a letter/email that sets it out in very basic terms. I'm sure I could explain the basic issue to my wife's grandchildren who are only 13.

I wonder what the implications of a letter/email from the admin of ntp2.usno.navy.mil, or one of the .gov sites being abused to a few end-users in the USA might be. That could cause the **** to really hit the fan. It could also backfire, so needs careful thought.

Sending an email to an ISP might also be an interesting tactic. I imagine it would have a fairly high probability of making some mainstream news if a .gov or .mil site asked AOL to block it.

Unlike some, I don't believe it is the job of the server operators to find a technical solution. But writing to a few end users/ISPs might cause an interesting backlash against D-Link. But it would be much better if it came from a .mil or .gov site.

IANAL, but I know a few and have thought hard about DoS/DDoS
complexities when questions of authorisation and intent arise

http://www.cl.cam.ac.uk/~rnc1/complexity.pdf


I need to wash the car now, but will take a look at that later.

It seems to me the technical issues are pretty trivial (boring) on this issue. The legal ones are more complex and interesting.

Also, having dealt with Poul-Henning before, where he kindly loaned me the service manual for the HP 5370B time-interval counter, I'd like to see him get this resolved to his satisfaction. It is clear he is a nice guy who would not try to exploit anyone. He only wants to recover the costs he incurs.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.