[cap-talk] bundling designation and authority

[Sandro Magi]

Ian G wrote:
> Sandro Magi wrote:
> 
>> The links that were presented express DEC's intention to grant access 
>> to only these URLs.
>>
>> The defendant, being a computer expert, knew DEC's intention that only 
>> these URLs were authorized.
> 
> 
> But here is a group of computer experts
> that argue that this intention is not
> clear.  To be honest, I never thought
> that adjusting a link would be "unauthorised"
> and now that it has been stated, it's got me
> worried - am I still allowed to cut and paste
> a link and send it to a friend?  What happens
> if it has a cookie in it that identifies me,
> have I now done an Unauthorised Access?
> 
> We are in a time where the notion of
> "unauthorised link" is asserted by some
> but not widely known by the user base.

So-called "deep linking" is a similar result.

> In private property, there is a clear test of
> warning *and* effort.  Signs and fences have
> to be placed and even there if someone enters,
> there is no crime committed until after a further
> warning has been given *and* the person has
> had sufficient time to remove themselves.
> 
> (That's my understanding, but IANAL...)
> 
> The tests of private property are a good
> analogy and good logic because they stop the
> next step which is prosecution or violence
> being used on people making innocent mistakes.
> We do not need to walk the streets in mortal
> fear of being shot because we know that the
> law always gives us fair warning and fair
> time to correct any inadvertant mistake.
> 
> The analogy argues the case that the ruling
> was wrong because there was no warning.

If you are caught trying to gain entry to a locked building, regardless 
of how ineffectual your means or how half-hearted your attempt, is this 
not prosecutable? Even if all you wanted to do was "peek inside" to make 
sure the business was legitimate.

>> Indeed. But as I explained above, being a computer expert the 
>> defendant knew what he was doing, and knew that the URL might grant 
>> him information not originally intended to be granted to users. This 
>> is a violation of the law, as quoted in prior e-mails, regardless.
> 
> Well, again, we need to see where this "original
> intent" of granting information is.

Well, one could argue it's implicit in the pages served by the web 
server. The web of links clearly express the intentions of the website 
designers doesn't it?

> And we need to extract ourselves from
> resting on the crutch of "he was an expert therefore
> should have known better" as that then leads to the
> worse situation of penalising experts but "allowing"
> users to do one thing but "experts" to do another.

This already occurs. Where lockpicks are illegal, locksmiths are often 
permitted to own them.

> (As a matter of principle, saying that he was an
> expert would need to be shown, in law.  That's actually
> a lot harder than it seems as there is no widely
> recognised test, only wannabe tests.  And as we
> have all been kindly avoiding saying, the notion
> that ../../../ tells us anything about a website
> doesn't really speak to the quality of expert....)

Well, demonstrating advanced knowledge of the circumstances is 
sufficient. I used "expert" simply because his knowledge would be a 
superset of that required to be charged under the statute.

If anyone has a link to the actual ruling, I'd like to read it. We may 
simply be arguing in circles here.

Sandro