- From: Henry S. Thompson <ht@inf.ed.ac.uk>
- Date: Thu, 13 Oct 2005 11:40:59 +0100
- To: Tyler Close <tyler.close@gmail.com>
- Cc: www-tag@w3.org, Daniel Weitzner <djweitzner@w3.org>, Rigo Wenning <rigo@w3.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I find this both chilling and incomprehensible.

As I read the record (follow the various pointers back from [1]), the defendant in the case was sitting at a browser with something along the lines of

http://donate.bt.com/tsunami/relief/appeal/confirmDonation.html

in the address window of his browser, edited this to read

http://donate.bt.com/tsunami/relief/../../../

and hit Return.

For this he lost his job and has a criminal conviction.

The apparently relevant section of the Computer Misuse Act [2] reads as follows:

1. (1) A person is guilty of an offence if

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

(b) the access he intends to secure is unauthorised; and

(c) he knows at the time when he causes the computer to perform the function that that is the case.

How (c) could be said to apply in this case is beyond me. . .

The issue for the TAG is surely that exploratory modifications of URIs are in a sense _invited_ by their very nature, and thus should never be describable as unauthorized -- by publishing http://www.example.com/a/b/c, I implicitly publish all path-transformed versions of that URL, don't I?

Put that way, it sounds a bit extreme, but surely there's a substantial point at issue here which needs to be explored. . .

I have to confess I have occasionally done something close to this, namely just repeatedly truncating a URI in the address window looking for a directory I can browse. . . At the very least it never occurred to me that I was running the risk of setting off alarms, much less of breaking the law . . .

Danny, Rigo, is there a point here the W3C or the TAG should try to address?

ht

[1] http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/

[2] http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv1

- --
Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
Half-time member of W3C Team
2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFDTjm7kjnJixAXWBoRAtBeAJ4nCVk9I+UQ6l+Qlf6Nxu7vN8tOnQCcD0Wz
oT8Q/uFyoIw8T1qhp+EwSVc=
=job5
-----END PGP SIGNATURE-----

Received on Thursday, 13 October 2005 10:41:13 UTC