pageok
pageok
pageok
The Rhetoric of Opposition to Self-Help:

I was just talking to some people recently about the question of "digital self-defense" — whether organizations that are under cyberattack should be free to (and are free to) fight back against attacking sites by trying to bring those sites down, by hacking into the sites, and so on.

I don't claim to know the definitive answer to this question; but I did want to say a few words about some common anti-self-help rhetorical tropes, which are sometimes heard both in this context and other contexts.

1. Vigilantism: Allowing digital self-defense (or, to be precise, digital defense of property), the argument goes, would mean sanctioning vigilantism; the nonvigilante right solution is to leave matters to law enforcement.

Yet the law has never treated defense of property as improper "vigilantism." American law bars you from punishing those who attack you or your property, but it has always allowed you to use force to stop the attack, or prevent an imminent attack. There are limits on the use of force, such as the principle that generally (though not always) property may be defended only with nonlethal force. But generally speaking the use of force is allowed, and shouldn't be tainted with the pejorative term of "vigilantism," which connotes illegality. (Black's Law Dictionary echoes this, defining vigilantism as "The act of a citizen who takes the law into his or her own hands by apprehending and punishing suspected criminals.")

2. Taking the Law Into Your Own Hands: Critics of self-defense and defense of property also sometimes characterize it as "taking the law into your own hands." This too implies, it seems to me, extralegal action, through which someone unlawfully taking into his own hands power that the law leaves only in law enforcement's hands.

Yet the law has always placed in your own hands — or, if you prefer, has never taken away from your own hands — the right to defend yourself and your property (subject to certain limits). By using this right, you aren't taking the law into your own hands. You're using the law that has always been in your hands.

There are many reasons the law has allowed such self-defense and defense of property: It's generally more immediate than what law enforcement can do; even after the fact, law enforcement is often stretched too thin even to investigate all crimes; sometimes law enforcement may be biased against certain people, and may not take their requests for help seriously, so self-help is the only game in town. There are also reasons to limit self-defense and defense of property (I'll note a few below). But let's not assume that self-defense and defense of property somehow involve unlawful arrogation of legal authority on the defenders' part. Rather, they generally involve legally authorized exercise of legal authority.

3. But the Statute Has No Self-Defense Exceptions: Ah, some may say, perhaps in the physical world you have the right to defend yourself and your property — but the Computer Fraud and Abuse Act secures no such right, so whatever one's views on self-help, the fact is that self-help is illegal.

Yet, surprising as it may seem to many, self-defense and defense of property may be allowed even without express statutory authorization. These defenses were generally recognized by judges, back when the criminal law was generally judge-made; and many jurisdictions don't expressly codify them even now. Federal law, for instance, has no express "self-defense" or "defense of property" statute. The federal statute governing assaults within federal maritime and territorial jurisdiction simply says, in part,

Whoever, within the special maritime and territorial jurisdiction of the United States, is guilty of an assault shall be punished as follows ....
(4) Assault by striking, beating, or wounding, by a fine under this title or imprisonment for not more than six months, or both.
(5) Simple assault, by a fine under this title or imprisonment for not more than six months, or both, or if the victim of the assault is an individual who has not attained the age of 16 years, by fine under this title or imprisonment for not more than 1 year, or both.
(6) Assault resulting in serious bodily injury, by a fine under this title or imprisonment for not more than ten years, or both.
(7) Assault resulting in substantial bodily injury to an individual who has not attained the age of 16 years, by fine under this title or imprisonment for not more than 5 years, or both.
Assault is generally defined (more or less) as "any intentional attempt or threat to inflict injury upon someone else, when coupled with an apparent present ability to do so, and includes any intentional display of force that would give a reasonable person cause to expect immediate bodily harm, whether or not the threat or attempt is actually carried out or the victim is injured." The federal criminal code thus on its face prohibits all assaults, including ones done to defend one's life. Yet self-defense is a perfectly sound defense under federal law — because federal courts recognize self-defense as a general criminal defense, available even when the statute doesn't specifically mention it.

Likewise, federal law generally bans possession of firearms by felons, with no mention of self-defense as a defense. Yet federal courts have recognized an exception for felons' picking up a gun in self-defense against an imminent deadly threat, again because self-defense is a common-law defense available in federal prosecutions generally.

Given this, a federal statute's general prohibition on breaking into another's computer doesn't dispose of breakins done in defense of property against imminent threat — just as federal statutes' general prohibitions on assault or on possession of a firearm by a felon don't dispose of assault or possession done in defense of life (or sometimes property) against imminent threat. Federal criminal law already includes judicially recognized and generally available self-defense and defense of property defenses, even when the defendant is prosecuted under a statute that doesn't expressly mention such defenses.

There still remains a good deal of uncertainty about how the defense of property defense would play out in any particular digital strikeback situation, and I suppose it's possible that courts might even decide that it's categorically unavailable as a matter of law in computer breakin cases (though it would be unusual, given the general availability of self-defense and defense of property defenses). But it is a mistake to simply assert that such a defense is unavailable simply because the statute doesn't mention it.

* * *

All this having been said, I want to stress that there are plausible arguments in favor of prohibiting digital self-defense (either criminalizing it or making it tortious), and reasons to be skeptical about easy analogies between digital self-defense (or, more precisely, defense of property) and physical self-defense. It may be, for instance, that there's more of a risk of error in digital self-defense cases, in that you might disable, directly or indirectly, a computer that's not actually attacking you. (Say, for instance, you're defending against a worm by launching a counterworm; there's more risk of massive damage to many third parties from an error in the counterworm than there is in a typical situation where you're confronting someone who's trying to run off with your bicycle.) It's also not obvious what should be allowed when you're going after a computer that is attacking you but only because it's been hijacked. Should that turn, for instance, on whether the computer's owner was negligent in allowing the computer to be hijacked?

It's also not clear how the general principle that defense of property must generally be nonlethal should play out — what if you're under attack using a hijacked computer that belongs to a hospital, an airport, a 911 center, or some other life-critical application? Is disabling that computer potentially lethal force, because it may have lethal consequences? How can you tell whether the computer is indeed running some application on which lives turn?

It's therefore not obvious whether the law should criminalize most or all forms of digital self-defense, criminalize some and make others tortious, leave it entirely to the tort system so long as the actor sincerely believed (or perhaps reasonably believed) the actions were necessary to defend his property, or whatever else. Some limits on digital defense of property may well be proper, especially if we think that on balance allowing such defense would lead to too much harm to the property of third parties. But we need to analyze things carefully, by asking some of the questions I noted in the last few paragraphs — not just by condemning digital self-defense as vigilantism, as taking the law into one's own hands, or as clearly illegal under current computer crime law.

Thanks to Warren Stramiello, a student whose paper first alerted me to the defense of property analogy; and note this Journal of Law, Economics & Policy symposium on the subject, which is available in volume 1, issue 1 of the Journal, but unfortunately not on the Web. (Participants included our very own Orin Kerr, as well as my incoming colleague Doug Lichtman.)

JohnAnnArbor (www):
I read a few years back (reference not handy) about some Dept. of Defense techies that repelled an attack on Pentagon computers, then hacked the attackers. When they proudly reported their exploits, they were informed of a bunch of laws they had broken, at least in theory. Including posse comitatus.
4.11.2007 4:34pm
Ken Arromdee:
If someone steals a pack of gum from you and runs into their house, are you allowed to break into their house to steal it back? What if you claim that when you're breaking into someone's house to take your pack of gum back, it's "self-defense of property"? What if the guy enters his house, and starts chewing your gum by the window where you can see him, so you know that barring immediate action, your gum will be gone (making it resemble an imminent threat)?
4.11.2007 4:40pm
Zathras (mail):
There is a difference between using defense while the theft is taking place and using "defense" after the theft is completed Defense of property is valid in the first case but not the second.
4.11.2007 4:47pm
Jake (Guest):
If you go with the deadly force analogy, presumably hospitals can use deadly force to prevent ongoing denial of service attacks against life-saving computers. I'm not sure if that really works.

It seems like the sort of counter-hacking discussed here is a little more proactive that most defense of property cases.
4.11.2007 5:04pm
logicnazi (mail) (www):
I think Ken is on to something here. In the physical world a counter-attack is often the best form of defense. If someone is trying to shoot you the most effective way to stop them is to shoot them. This simply isn't true in the electronic world.

If you are suffering from a digital attack and have figured out the (real) IP address the attack is originating from the most effective means of defense is to block that IP address. The only reason you might want to counterattack is to get revenge or to deter future attacks. On the other hand if you aren't sure it is the real IP address the counterattack is likely to hit an innocent individual.

I think you got it right on about the risk of misidentification. Forging packets and making the receiver think they came from the location you wish to have attacked are a common trick used in computer hacking. As a pure policy matter we should not allow computer counterattack by unaccredited private parties since it is more likely to aid computer hackers than to deter them.

Ultimately I think the answer is no at least and until we have some sort of compelling certification program for computer experts. I think it would be good and reasonable to let the real experts counterattack, provided they are diligent and careful, but at the moment there is no way to distinguish these individuals from script kiddies or pseudo-experts in the law.
4.11.2007 5:09pm
Eugene Volokh (www):
Ken Arromdee: Here's what the Model Penal Code § 3.06(1) says as to your hypo: "the use of force ... toward the person of another is justifiable when the actor believes that such force is immediately necessary ... to retake tangible movable property ... [provided that] the force is used immediately or on fresh pursuit after such dispossession."

I should note, though, that the typical digital self-defense scenario I've heard discussed involves an attempt to stop an ongoing attack, not an attempt to somehow recapture property taken in a just-finished attack.
4.11.2007 5:09pm
Viscus (mail) (www):
I think there is a huge difference between saying that self-defense should be read into a statute punishing a traditional common law crime like assault, and saying that an entirely different animal, "digital defense," should be read into a modern statute punishing a crime that didn't even exist before in our common law tradition.

This point is reinforced by EV's acknowledgment that "digital defense" is very different from other sorts of defense, because the consequences of aggressively shutting down another computer are unknown. If someone is running off with your bike, and you somehow catch them before they get going, throwing them off the bike, you can be pretty sure that they are probably not going to be seriously injured, or, if they are somewhat injured, those injuries are foreseeable -- in general, you are in a reasonable position to judge whether the force you plan to use is reasonable, given the threat. You can be even more sure that a third party will not be harmed. Digital defense, as EV acknowledge, is different. In the case of attacking and shutting down an unknown computer, it is completely unknown who will be harmed and what the extent of the harm will be. Indeed, it even possible that the computer you attack could be performing a life saving function. (Maybe the person using the computer uses it as their phone and is calling 9-11. Maybe they have been hacked into, and are unaware that there computer is a problem for others. Maybe the computer in question is in a hospital, and shutting it down will prevent access to life-saving medical records.)

From a policy perspective, there might be some partial fixes to such a problem. For example, reserving certain IPs to certain critical computers, where digital defense is not allowed. But clearly, such a policy mitigating the harm from "digital defense" should be made in a legislature, not by a court. Without such mitigating policies, maybe "digital defense" is not desirable. Maybe even with such policies, it is not desirable. But one thing is for certain, this is precisely the sort of decision that should be made by a legislature.

In light of the massive difference between "digital defense" and self-defense, for the judiciary to read a right to "digital defense" into the statute would be serious judicial activism. Common sense would allow a court to infer that a legislature would not want to punish assaults in self-defense, given the common law's long recognition of self-defense and absent an overwhelming cultural shift. In contrast, no such inference can be reasonably made about legislative intent concerning the desirability of a new-fangled "digital defense" provision. Especially where, as EV acknowledges, the desirability of such a defense is much more questionable.

I agree with EV that "digital defense" is complicated, and that reasonable policy decisions could go either way. Precisely for this reasons, courts should leave the decision to the legislature. Absence should be taken as lack of authorization in this case, since "digital defense" has no common law history.
4.11.2007 5:10pm
logicnazi (mail) (www):
Also I noticed a distinct lack of examples of judges reading in a common law right of defense to properties in your post. Are you sure that judges are willing to read in the right to defend one's property and not just the right to defend one's self or other people?
4.11.2007 5:11pm
Eugene Volokh (www):
Logicnazi: Yes, I am sure. The defenses are generally treated together (check the Model Penal Code, various criminal codes, or any criminal law treatise). They were all created by judges. Jurisdictions, such as the federal government, that don't codify defenses don't codify any of them, and courts continue to apply them. Federal law, in particular, recognizes defense of property, even when the criminal statute makes no reference to any such defense. See, e.g., United States v. Gettings, 75 Fed.Appx. 670 (9th Cir. 2003).

Such cases arise relatively rarely under federal-law, compared to self-defense cases, I suspect because defense of property generally doesn't authorize the use of deadly force, and because use of supposedly defensive nondeadly force is less likely to draw a federal prosecutor's attention than the use of supposedly defensive deadly force. But there's no doubt that defense of property is a well-established defense in all American jurisdictions, including in federal court, and that it operates even in those jurisdictions that have not codified the criminal defenses.

Viscus: As to leaving the matter to the legislature, it's hard to see what this means. When Congress enacts federal criminal law, it enacts it against a background legal regime in which common-law defenses are available. Given this background legal regime, it's hard to see why Congressional silence should be interpreted as a rejection of the defenses, as opposed to their acceptance. Nor is it clear that defense of property using computers is a completely "different animal" than defense of property using one's hands, using a stick, or whatever else. It's defense of property; we might conclude that it should be forbidden for some public policy reasons, but defense of property is what it is.
4.11.2007 5:30pm
AF:
Prof. Volokh, you cogently point out that certain "anti-self-help rhetorical tropes" are misplaced, but then structure your whole post around what can only be termed a "pro-self-help rhetorical trope" -- namely the term "digital self-defense." Just as calling digital self-help "vigilantism" assumes the conclusion that it is illegal, calling it "self-defense" assumes the conclusion that it is legal. The whole question is whether digital self-help is more like illegal vigilantism or legal self-defense -- a question that, as you point out, is best answered by close examination of the particular self-help technique and the relevant statutes, rather than by the loose use of "rhetorical tropes" taken from other contexts.
4.11.2007 5:37pm
Eugene Volokh (www):
Actually, my point is that digital self-defense (or, to be precise, defense of property) in the sense of fighting an ongoing attack is not at all like vigilantism, and pretty close to traditional defense of property. The question is whether some special attributes of digital self-defense should lead us to forbid it despite its being defense of property; and it's possible that they should. But when it comes to the closeness of the analogy, defense of property is quite close, and vigilantism is very far.
4.11.2007 5:51pm
Gerg:
Don't you have to be under some credible threat for self-defense to apply? Not merely a hypothetical one that you've already defeated?

The equivalent to most digital anecdotes would be seeing someone trying to open my steel reinforced medeco lock door with a Fisher-Price crowbar that I know will never work and taking that as license to launch an aerial bombardment of his home.

If someone does try to open my door with a working skeleton key then my defense systems will of course never notice it. They're only going to notice failed attacks.

The interesting case that might be relevant would be the DDOS attacks using massive bandwidth to take down sites. If you could hack into the control channel and shut down their attack then surely that would be self-defense.
4.11.2007 6:12pm
AF:
Actually, my point is that digital self-defense (or, to be precise, defense of property) in the sense of fighting an ongoing attack is not at all like vigilantism, and pretty close to traditional defense of property.

Gotcha. I didn't realize you were only talking about fighting ongoing attacks. I guess the analytical question would be what the term "ongoing attack" means in the digital context. For example, if you are able to locate the source of the attack and block it, is it still ongoing?
4.11.2007 6:26pm
Viscus (mail) (www):
EV,

I don't see how you can say it is the same. The person doing the "defending" cannot know the consequences of their actions nor who will suffer consequences.

There is no conceivable scenario where society would reject reasonable self-defense against assault or battery. Not absent a massive cultural shift. Liberals and conservatives agree, there should be self-defense (there might be arguments on the margins about whether their should be a duty to retreat when it is safe to do so, but no one questions the basic idea that there should be a right to self-defense). All 50 states, from the most liberal to the most conservative recognize self-defense.

It might be regrettable that Congress did not put self-defense explicitly into the Federal statute regarding assault, precisely because it leads some to confusedly think that because the courts have made the only reasonable decision they could interpreting this statute (recognizing self-defense) in the absence of statutory language, that in other different situations, they have a license to read any defense they want.

Merely reducing this animal, called "digital defense" to a defense of property, is inaccurate. Digital defense might be employed to protect property (among other motives), but that is not all it is. But this isn't considered self-defense. Think of it as (defense of property)+. Because it is more than the mere defense of property. It is also an action where unknown harm is inflicted upon unknown third parties. It is thus very different.

I just don't see how you could equate these two very different things. You already acknowledged that they are different. Is your argument that the differences don't really make a difference? That it is okay for courts to make these important policy decisions? I don't think so.

Here is but one proof that they are different.
(1) You (and most everyone else) do not question the wisdom of self-defense.
(2) You (and many others) do question the wisdom of "digital defense."

Is there a common law history of digital defense? Definitely not. Not when articulated at that level of generality. Why, in your view, is "defense of property" the right level of generality, rather than "digital defense?" Digital defense has the advantage of being more precise and accurate, and the term acknowledges that it is different from the sorts of "defense" that have occurred before. Which, in fact, is something that you acknowledge in your original post.

I don't buy your argument. In fact, in my view, any judge that bought your argument would be nothing more than a judicial activist. This sort of complicated technical decision that demands the sort of fact-finding best employed by legislatures, rather than courts. It doesn't take much expertise to determine whether "reasonable force" has been used in self-defense against, say, bike theft or battery. This decision about when "digital defense" is reasonable and should be allowed, in contrast, does take deep technical expertise. Any judge who thinks they know what is best in this area should consider resigning their post and running for the legislature. But what they shouldn't do, is become judicial activists.

I suppose what this disagreement dissolves to is whether "digital defense" and "defense of property" are different enough. You acknowledge that digital defense is different, after all. But I do not think this difference is just a matter of degree. I think it matters that the harm is unknown and the person who it is inflicted upon is unknown. (i.e. Tell the family of a person who dies because their medical record cannot be accessed due to a "digital defense" -- and who had nothing to do with the digital attack preceding this offensive "defense" -- that attacking the computer containing such vital information is no different than chasing down some guy who snatches your wallet.)

These two things are just obviously different. With self-defense, a known amount of force is used, with foreseeable consequences to the aggressor and third parties, against a known threat. With digital "defense" an attack is made with foreseeable consequences to a computer system, but unforeseeable consequences to both the aggressor and, most importantly, innocent third parties.

I am perfectly willing to recognize the reasonable use of force in defense of property. If someone snatches my wallet, they had better run fast. But, force is unreasonable when the consequences for third parties (which can be dire) and the number of third parties harmed are completely unknown. If "digital defense" is considered mere defense of property rather than another animal altogether, it should be considered unreasonable per se.

Imagine this. Someone continually hacks into my computer system. In fact, they are doing it right now. Not knowing how to perform a digital attack, I am sort of stuck. I have my computer expert friend come over, and he is able to determine the house that he believes is responsible for the attack. Alas, my computer expert friend thinks digital defense is unethical, does not know how to block ip addresses or do anything else to prevent the ongoing attack. The police are unavailable, having all gone to a donut convention. To prevent this continuing harm, which continues right up to this moment, I decide to go to the house where I believe the attack originates. I take a random weapon out of a bag without looking (it might be a nerf bat or it might be a machete). I ring the bell and the first person who happens to answer the door, well, I hit them with my randomly selected weapon, reasonably believing this will end the attack. Self-defense? Even when I randomly and unintentionally selected the machete? Or does it matter that I am inflicting an unknown harm on an unknown individual?

Obviously, there are great difficulties with any analogies, because we are equating what are essentially unlike things. The typical self-defense scenario is unlike what I have described above. In fact, I think that the difficulty with making analogies goes to why a court should leave this area to a legislature -- digital defense is not the same as chasing down a guy who has just snatched your wallet.
4.11.2007 6:44pm
Viscus (mail) (www):
EV writes,


The question is whether some special attributes of digital self-defense should lead us to forbid it despite its being defense of property; and it's possible that they should.


By "us" do you mean the courts? Why are the courts the proper venue to make this decision? If you really believe "digital defense" is more like "self-defense" such that courts should read digital defense into a statute that is silent on the same, how should courts go about making the complex policy decisions concerning when the defense should apply and when it shouldn't?? Isn't this decision just a little more complex than judging the reasonableness of using assault or battery in self-defense? How is a criminal defendant to know the difference between reasonable and unreasonable digital defense?
4.11.2007 6:55pm
Joshua:
Not 100% on-topic (it doesn't relate to computer self-help), but it's something I've pondered for quite awhile.

Prof. Volokh mentioned three common arguments against self-help. Regarding the specific case of lethal self-defense, I would add a fourth one (based on a misconception, mind you, but one that still gets bandied about a lot): It violates the attacker's Fifth and Eighth Amendment rights by depriving him of his life without due process, and also amounts to cruel and unusual punishment.

The Eighth Amendment portion of this argument relates to the notion of self-defense as vigilantism. I think the reason this notion has persisted as long as it has is because, from the dead assailant's perspective, it makes no difference at all whether you killed him in the heat of combat, or in cold blood after the fact. Either way, he's still dead, without so much as having been charged with, much less tried for, his crime, which may or may not have yet even risen to the capital level (since he obviously never succeeded in killing you). Furthermore, death is such a severe consequence that it's tantamount to a punishment, regardless of whether it was intended as such.

Of course, as I mentioned, this is all based upon a misconception, namely that private citizens are bound by the Fifth and Eighth Amendments. What I wonder is, are states whose laws sanction lethal self-defense still on the hook for constitutional rights deprivations committed by its citizens under said laws? Has this even been tested in court before? (Indeed, given the states' sovereign immunity, can it even be tested?)
4.11.2007 7:50pm
Fub:
The recent SpamHaus case is an example of what should have been a perfectly legal "digital self defense" (ie: no digital attacks on the aggressor's computer occurred), but for which US courts ordered the self defender shut down. That the complaining spammer lied in his SLAPP pleadings helped him considerably.
4.11.2007 8:03pm
Viscus (mail) (www):
Fub,

If this case is about "digital self defense" it of a different kind than discussed elsewhere on the thread. It should be kept in mind that the US Court in question did not reach the merits of the claim, but rather awarded a default judgment based on the acused spammer's claim that they were doing business in Illinois. Thus, in no way have Spamhaus's activities been declared illegal on the merits.

Very interesting case. Thanks for the link.
4.11.2007 8:52pm
Ken Arromdee:
I should note, though, that the typical digital self-defense scenario I've heard discussed involves an attempt to stop an ongoing attack, not an attempt to somehow recapture property taken in a just-finished attack.

So how does that apply to the hypothetical where a guy stole a pack of gum from me and is inside his house chewing it one stick at a time? That sounds very much like an imminent or ongoing attack to me.
4.11.2007 10:21pm
Bill Poser (mail) (www):
Although the distinction between self-defense and "taking the law into one's own hands" is well taken, I am curious as to how and when this distinction came into being, as I am not sure that it has always been the case historically. I'm thinking of early Roman law, where in the Laws of the Twelve Tables we have: Si nox furtum faxit, si im occisit, iure caesus esto. "If (a man) break-and-enter at night, if one should kill him, let him have been killed lawfully." My understanding is that this law did not merely license the use of lethal force against a nocturnal intruder into one's home if the intruder fought back, but if the intruder fled and was captured outside, the householder was still entitled to kill him.
4.12.2007 2:09am
Dan S:
A tangent here interests me, that of whether it's reasonable to target a zombie that's the proximate agent of an attack as a means of self-defense when it is property of a party not knowingly involved in the attack (at least directly). The analogy to more usual self-defense that leapt to my mind was that of the stolen car used in a crime. If a driver who stole that car tries to run me down, am I not justified (and legally protected) for shooting the driver and possibly in the process destroying the car? It seems that with existing law here in my state I would be protected. (IANAL) Can't say that would apply in other states where deadly force might not be allowed in self-defense.

The ultimate cause of the destruction of the car is not my action in self-defense, but the theft of the car by the one attacking me. The same would apply to counterattacks at zombies. Those who subverted them for the illegal use would be also responsible for any damage that resulted from that use, whether it occurred in a "self-defense" reaction to attacks originating (or passing through) there, or directly from the subversion. The owner might also bear some liability if they did not hew to best practices in defending those assests, I don't think there's much precedent here though (if any).

All this said, as one who does work in IT security, I can't see many situations (outside national security) where a counterattack would be the most sensible reaction. Taking out a nexus through which an attack passes in another country might make sense, expecially if that country's government is believed to be complicit.

But shooting the driver of a hijacked bus trying to run me down with 100 innocent passengers still aboard is a lot more problematical than doing it to a car with a driver and no visible passengers. Unless the bus was trying to run me down in the process of crashing into a depot with 10 more buses loaded with passengers to kill all of them. The compsec situation is far more apt to resemble the crowded bus than the single driver in the car situation. It may, however, be even closer to the bus with passengers used as a tool to destroy more buses with passengers. Except we don't usually have real life-or-death situations, just destruction of property (real or intangible). So that would mean something more like UPS or FedEx delivery trucks as weapons to destroy more to cause harm to a lot of individuals and businesses.

The very nature of computers as tools and the fanout resulting from the interconnectivity resulting from networking them make it something hard to compare to "real world" situations. And that means that it's hard for legislators to get a mental grasp on. And judges and juries.
4.12.2007 5:10pm
logicnazi (mail) (www):
Eugene: Thanks for the reply. I believed you that their was theory and common law history to back up your point but I wanted to know if it had been recognized by federal judges in recent history. Your 2003 cite clears that up, thanks.
4.14.2007 2:10pm