Re: "The use of Metadata in URIs" and UK law from Henry S. Thompson on 2006-11-09 (www-tag@w3.org from November 2006)

From: Henry S. Thompson <ht@inf.ed.ac.uk>
Date: Thu, 09 Nov 2006 11:30:22 +0000
To: Ed Davies <edavies@nildram.co.uk>
Cc: www-tag@w3.org
Message-ID: <f5b7iy47t81.fsf@erasmus.inf.ed.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ed Davies writes:

> Section 2.2 of The use of Metadata in URIs
>
>    http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html
>
> incites the manipulation of URLs to obtain access to resources
> which has not been specifically authorized.  In the UK such
> access would be a contravention of the Computer Misuse Act
> 1990.  I know it's idiotic, but there's case law to support
> it.  Google for Daniel Cuthbert for a relevant case.

This is misleading.  It seems likely Cuthbert was the victim of a
miscarriage of justice [I at least am still waiting to see the
transcript of the actual judgement, rather than 3rd-hand summaries by
journalists], as a result of bad law, but his actions appear to have
gone somewhat beyond anything suggested or encouraged by the draft
finding, in that it's alleged that he constructed a URI with more '..'
stages than there were steps in the published URI he started from.

> Questions:
>
> 1. Should this TAG finding note this point?

Perhaps, but only if we have hard facts beyond press reports about the
actual judgement.

> 2. Can a TAG finding define or change the meaning of a URL,
>     an HTTP access or other protocol element in such a way
>     as to change the interpretation of the law in a country?

Certainly not (but IANAL).
>
>> Still, the ability to explore the Web informally and experimentally
>> is very valuable, and Web users act on such guesses about URIs all
>> the time.
>
> but also that it is an implicit part of running a web server
> to accept that such experimentation is legitimate then they'd
> be doing all of us a favour.

If I'm wrong and that's all Cuthbert did, then we should indeed say
more, but see above about establishing the facts before jumping in.

ht
- -- 
 Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
                     Half-time member of W3C Team
    2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
            Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
                   URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFUxFPkjnJixAXWBoRAm58AJoC6fOGPQBwdM5uWVoI6L5ME5I8gQCfUg0v
n6jdoGSBsZsXStec8DywBMc=
=Sye6
-----END PGP SIGNATURE-----

Received on Thursday, 9 November 2006 11:30:41 UTC