new legal defense for file sharers
SAN FRANCISCO, California (Reuters) -- Prosecutors looking to throw the book at accused computer hackers have come across a legal defense expected to become even more widespread in an era of hijacked PCs and laptops that threatens to blur the lines of personal responsibility: the computer did it.
In one case that was being watched as a bellwether by computer security experts, Aaron Caffrey, 19, was acquitted earlier this month in the United Kingdom on charges of hacking into the computer system of the Houston Pilots, an independent contractor for the Port of Houston, in September 2001.
Caffrey had been charged with breaking into the system and crippling the server that provides scheduling information for all ships entering the world's sixth-largest port.
Although authorities traced the hack back to Caffrey's computer, he said that someone must have remotely planted a program, called a "trojan," onto his computer that did the hacking and that could have been programmed to self-destruct.
In two other cases, British men were accused of downloading child pornography but their attorneys successfully argued that trojan programs found on their computers were to blame.
In all three cases, no one has suggested that the verdicts were anything other than correct.
Some legal and security experts say the trojan defense is a valid one because computer hijacking occurs all the time and savvy hackers can easily cover their tracks.
"I've seen cases where there is a similar defense and it could work or not work based on corroborating evidence" such as how technical the defendant is, said Jennifer Stisa Granick, clinical director of the Sanford Law Center for Internet and Society.
It is relatively easy to trace a hack back to a particular computer, but proving that a specific person committed the crime is much more difficult, she and others said.
Someone other than the computer owner could use the machine, either by gaining physical access or remotely installing trojan software that was slipped onto the computer via an e-mail sent to the computer owner or downloaded from a malicious Web site, they said.
"On the one hand, this is 100 percent correct that you can not make that jump from computer to keyboard to person," said Bruce Schneier, chief technology officer at Counterpane Internet Security based in Cupertino, California. "On the other hand, this defense could [be used] to acquit everybody.
"It makes prosecuting the guilty harder, but that's a good thing," he added.
Mark Rasch, former head of the U.S. Department of Justice computer crime unit, agreed.
"The more difficult problem is people could actually go to jail for something they didn't do" as a result of trojan programs, said Rasch, chief security counsel for computer security provider Solutionary. "If I want to do something illegal I want to do it on someone else's machine."
But Dave Morrell, a computer consultant for the Houston Pilots who worked with the FBI after the attack, said the defense also opened the door to hackers.
"It sets a precedent now in the judicial system where a hacker can just claim somebody took over his computer, the program vanished and he's free and clear," he said
Michael Allison, chief executive of computer forensics firm Internet Crimes Group in Princeton, New Jersey, said experts should have been able to prove if there had been a trojan on the computer in question.
The defense is likely to become more widespread especially given the increasing use of "spyware" programs that can be used by hackers to steal passwords and essentially eavesdrop on a computer user, experts said.
"The emergence of spyware will only enhance these claims," said Michael Geist, a law professor at the University of Ottawa Law School in Canada. "We're going to have to sort through the level of responsibility a person has for operating their own computer."
The trojan defense has not yet been put to the test in the United States.
- CNN.com
(Maybe this will help them out! Spread the word!)
Good for a hacker, but I'd like to see someone get off on the "A trojan planted mp3s on my computer and shared them over kazaa" defense. :wings
i wasnt downloading music....someone else was, i was attacked by a trojan .
hahahahahahahaha
That defense is so lame.
[defense for filesharers]
Yeah, the trojan forced me to download a copy of kazaa, install it, run it, look for mp3s and kiddie porn, and then proceeded to execute the files in my winamp program so that the hacker then could listen/and watch.
[defense for hackers]
Yeah, that trojan made me go on all these hacking virus websites and download micellaneous programs that I had no clue were running at the time. Not to mention all my history logs of hacking websites ive been to, I guess it was my 5 yr old cousin that went on those while I was sleeping.
....
yea it's lame I understand but it's still a defense isnt it?
l8
like honestly, who does that?!?!
actually, taking over someones computer to share files is common, just not (yet) on mainstream file sharing clients like kazaa. check out almost any file sharing room on irc to see this. its not that big a stretch that someone might do the same with a kazaa trojan, except that sharing on kazaa isnt really worth it like it is elsewhere.
Yeah Muffin_Man tell em !!!
No really it would not be a good idea to make a virus that shares over the fasttrack network.
That would be illegal :)
And here I thought Trojans were condoms,but what do I know... : )
Hackers can do anything with a computer they want. They hacked into the p2p networks and are flooding them with bogus files on behalf of the **aa's. On the opposite coin I'm sure they are making stealth trojans that upload mp3's they find on peoples pc to confuse the **aa's. People cant be convicted in court or convictions can be over turned because the **aa's cant prove a self destructing trojan didn't do it. Its that simple. The bottom line is they have to have video taped evidence showing you at your pc typeing the commands to upload illegal files to convict you. Anyone who gives money and admits guilt is a complete fool and deserves to loose their money. Any lawyer that loses a case like this is negligent and should be disbared. :fire
it doesnt realy matter becasue all the guys sued for file sharing caved in a sec. it wont get to trail anyway.
Quite true, espcially if RIAA concentrates on picking on the less computer savvy filesharers.Originally Posted by my name
Insert sig image here
Since its inception almost 30 years ago, the internet has been transformed from a primitive device for sharing thoughts and ideas, into a massive network where people pay to connect and read advertisements they don't want, while calling each other "asshats".
Like I said, if people pay money and sign these confessional agreements, then they deserve everything they loose. The entertainment industry seems to feel they found a new way to make money, and they seem to be happy with the results. Its just like the gypsies going from town to town doing their scam roof jobs. Lots of people seem to buy them and then whine later when they find out they got took. You will never see me pay into any of this shit and I dont care how many people give them thousands and a confession. And they have to delete all mp3's as well and pay all over again to get them all back. Hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahah. This world is full of suckers and the **aa's know it. Death to all Suckers I say. They are like a cancer that saps the strength from the strong. I have sent my last dollar to **aa pitty victum web sites. I'm saving my donations for those that fight. :devil2
This is good news for proxy operators.
Not that they were in any real legal danger in the first place.
You know what I say? The RIAA can eat my ass.
I came up with a filesharing idea based on this defense a long time ago....people scoffed and laughed, but I knew the idea of "plausible deniability" would work.
CAPITAL punishment for infringement is a CAPITAList's dream.
Posting Permissions
Reply With Quote
Bookmarks