tags:

views:

2477

answers:

8

I know a lot of programmers use the word "hacking" to mean clever or skillful programming, but I'm referring to the more common meaning: computer crime. We all know that it's not only unethical and immoral to write code that will break into someone else's computer and use it against their will and interests, but it's also forbidden by law.

My question is, how is the prohibition defined, specifically, in the United States? I'm looking for the law(s) that says "If you do X to a computer that you do not own, or write a program that does X to a computer that you do not own, you can be arrested and face charges for it." Although probably with a bit more legalese involved in the wording. Specific citations would be nice.

(And before anyone asks, no, I'm not trying to see what I can and can't get away with. I'm trying to build a hypothetical case against some bad software, and I want to know if it's truly over the line or just annoying.)

+6  A: 

Well, you're actually mistaken about the meaning of "hacking" although you're right that the unauthorized access meaning has become common. I don't see any reason why we should let that deprive us of a term that has technical and cultural significance, however.

In any case, there's no legal definition of "hacking" per se: there are laws against, for example, gaining unauthorized access to a computer system, theft of services -- someone was just prosecuted for that for hacking cable boxes to provide free internet -- and things of that sort.

For a starter, read the Wikipedia article on "Computer crime".

Charlie Martin
http://www.catb.org/jargon/html/meaning-of-hack.html
Bill the Lizard
yeah, what Bill said.
Charlie Martin
@Bill- Thanks for the link, very entertaining read!!
phsr
A: 

i believe it goes like "unauthorized access and/or control of computer equipment and data"

Javier
A: 

"Unauthorized attempts to bypass the security mechanisms of an information system or network"

http://www.google.com.au/search?hl=en&q=define%3Ahacking&meta=

Jobo
A: 

This is a bit of an aside, but "programmers use the word "hacking" to mean clever or skillful programming" is incorrect. A hack usually means a kludge or ineloquent solution.

That said, security research is protected in the US. Otherwise all the defcon people would be in jail and those MIT kids wouldn't have been hired by the MBTA. As to when research becomes actionable legally, I think it depends on malicious damage.

EDIT: It seems some people disagree, but I am going to back myself up with wikipedia.

From wikipedia: "The word itself comes from the German word meaning "someone who makes furniture with an axe",[1] implying a lack of finesse in a "hack"; it is believed by many in the hacking community that the reason for this is because programs too large to run on the limited computer resources of the time had portions "chopped" or "hacked" out in order to be reduced to a more reasonable size."

Hacker has many meanings, several of which are complete opposites. But I believe this is the origin of the term. Hacker, as a programmer, can be simultaneously be a person who is clever AND implements a less then ideal solution. Due to the nature of early computing, just getting things to work sometimes took alot of creativity.

James McMahon
http://www.catb.org/jargon/html/meaning-of-hack.html
Bill the Lizard
Sez you. See Bill above.
Charlie Martin
A: 

repeatedly trying to hit the golf ball and missing...

Steven A. Lowe
No, that's a "Whack" underflow.
Jason Lepack
+6  A: 

Well, I've given this answer before, but: Stackoverflow is not a lawyer. Do not ask Stackoverflow legal questions. If you're worried that e.g., a program your employer is asking you to develop is illegal, consult a lawyer. Or find a new job.

Now, as for how it's defined in the US — and I'm not a lawyer, so take this with a grain of salt — each state has its own statute defining it, and there are also federal statutes. They usually talk about "unauthorized access" or the like. For example, one Federal law is the Computer Fraud and Abuse Act.

Oh, and see United States v. Lori Drew for a recent example. Or better yet, don't — or if you do, remember that Stackoverflow is not a psychiatrist.

derobert
No, nothing like that. I've got a perfectly legitimate coding job that I'm very happy with. This is unrelated.
Mason Wheeler
@Mason Wheeler: Glad to hear that! I'm afraid your question is going to be hard to answer, though. Because Congress passed some pretty unclear legislation.
derobert
A: 

not legal, but for my own understanding I have

Hacker: someone that illegally access a system/application and does not perform "bad things"

Cracker: the same as above but do harm :)

there are so many movies (everyone remembers the one with Angelina Jolie!), blogs, whitepapers about this, but this is my opinion :)

I do like to be called a hacker, cause here at the company I tent to break the VPN access and access our servers, and I always tell my employer to "fix" that so next time I can't access by that way.

balexandre
Classically, Hacker is a programmer, Cracker is someone who breaks into computer systems (regardless of harm). Hacker, through modern use in movies etc, has been revised to mean Cracker.
James McMahon
I think your thinking of white, grey, black hats. Good, neutral, bad respectively.
James McMahon
well, it was only my opinion on the subject :)
balexandre
"When you're the best, they call you cracker-jack!"
kent
A: 

I don't know about US law but I'll seize the opportunity to relate a stupidity in German law instead.

Germany has recently outlawed unlawful use and distribution of so-called “hacker tools” (and yes, they use the English words in the legal text, written as “Hackertools”). Unfortunately, they nowhere define what these ominous “hacker tools” actually are, and neither do they define “hacker” or even “tool.” This might seem trivial but it robs the law of any basis. Even worse, it allows for completely arbitrary assignments of the terms.

The law is ridiculous for two other reasons: first, it explicitly outlaws unlawful use of these tools. This is like outlawing use of guns for murder, or even outlawing crime. Impressive.

Secondly, it outlaws distribution (for whatever purpose) which, among others, prevents computer security experts and teachers from distribution these tools for educational purposes to their students, and for programmers to distribute these tools to their users and customers.

– Granted, slightly off-topic but it highlights the importance of legal definitions for such terms as “hacker.”

Konrad Rudolph