[rohrpost] US legal bug stops legal public domain scanner

knowbotic.research krcf@khm.de
Sat, 11 May 2002 18:34:51 +0200

CRACKED ..Minds of concern::breaking news...CRACKED

CRACKED at http://unitedwehack.ath.cx
CRACKED public domain scanner http://unitedwehack.homeunix.net/minds3/

The authority of the Internet service provider of the New Museum in NY 
stopped yesterday the
Public Domain Scanner, an installation and web project in the exhibition 

The public domain scanner has portscanned worldwide the servers of several 
hundred NGOs and media activists.
It has published the analysed security lacks of the scanned servers, but 
hides the net.adresses of the scanned
organisations and net actors.

http://unitedwehack.ath.cx ( mirror site in Cologne with some legal bugs, 
no active scanner any more)

Here is the outline of the contestation:

Port scanning is legal:
Port scanning is a frequently used tool in network security analysis, 
involving examination of a remote computer without accessing its programs 
or data. The port scan used in Public Domain Scanner do not test login 
passwords, create a significant amount of traffic, or access or alter any 
data on the scanned computer. In that sense, a port scan is similar to 
observing a house from across the street, and perhaps knocking on its front 
door, but not entering even if the door is opened.
Only one published opinion has considered the legality of port scans. That 
court held that such activity did not violate federal or state computer 
protection statues or other law. The federal district court for the 
Northern District of Georgia held that a party who conducted port scans of 
another party's computer systems did not violate the Computer Fraud and 
Abuse Act (18 U.S.C. s. 1030) [1], because he neither caused damaged nor 
gained access to the computers at issue. Moulton v. VC3, 2000 WL 3331091 at 
*6 (N.D. Ga., Nov. 7, 2000). Nor did the port scans violate state law, 
because they did not interfere with computer or network activity.
[1] The Computer Fraud and Abuse Act: 
[2] Moulton v. VC3, 2000 WL 3331091 (N.D. Ga., Nov. 7, 2000)
[3] Computer Crime and Intellectual Property Section, U.S. Department of 
Justice, Legislative Analysis of the 1996 National Information 
Infrastructure Protection Act: 
[4] Computer Crime and Intellectual Property Section, U.S. Department of 
Justice, Field Guidance on New Authorities That Relate to Computer Crime 
and Electronic Evidence Enacted in the USA Patriot Act of 

Knowbotic Research to Provider:
Knowbotic Research got informed that you want the New Museum to shut down 
our server inside their network.
Could you please inform me what are the reasons for this decision? We got 
informed that there was only one complaint until now
from an ISP concerning our Public Domain Scanner.
The museum has informed this ISP about the art project and as far as I 
know  this ISP showed afterwards sympathy for this project which does not 
obscure security issues in the network and provides a transparent plattform 
for this topic inside the artworld.
Is this one complaint the full reason to stop our project?

As you can see at our Acceptable Use Policy AUP, running security software, 
scans against machines you do not have permission to run them against 
cleary violates a number of provisions of our Acceptable Use Policy.
We are required by our upstream providers to carry these clauses, and can 
lose our access if we do not enforce them. I assure you, our enforcement of 
the AUP is nondiscriminatory, based soley on the nature of the violations, 
not the motives behind them.
Once again, let me repeat that this decision is based soley upon our 
contractual obligations to our upstream providers, and the desire to 
protect our reputation as a responsible ISP. In no way are we making any 
claims as to the artistic merits of the project.

Knowbotic Research: These provokes the question: Who is the net.constituent 
behind the upstream provider?

Open Law expert:
Your experience here is actually a very interesting part of the project. It 
demonstrates how private parties can exert control of the public domain 
well beyond what the law requires. Even with institutional support for your 
installation, you are often at the mercy of other economic actors -- the 
ISPs whom the museum and you depend on for connectivity, who in turn depend 
upon higher-up ISPs to preserve their connections to the Internet. Any 
player in this chain has the ability to break the connection and prevent 
you from displaying and contributing to the public discussion, based on its 
own feelings, contracts, and interpretations of the law, before any judge 
is called in to determine whether the activity is legal.

Curator Steve Dietz:
The fact that Minds of Concern is potentially undermined by the legal 
system in the form of a standard or "shrinkwrap" license the New Museum has 
with its ISP is not insignificant. It is precisely a legal bug and the 
strategy  by which so much of the public domain in the U.S., at least, 
escapes Constitutional and other legal protections by entering into 
[voluntarily?] contractual agreements that void and/or supercede these 
supposed rights.

Commment Mailing List Lachlan Brown:
Indeed, the distinction between assumed rights and legal guarantee of 
rights, public and private, residesin an interstitial state. Not a 'grey 
area' to be filled in between the public and private by new conditions for 
cyber' space, but a contest in which like a Venn Diagramme the  public and 
private vie over the terrain they both occupy.
Add to this the interests of several dozen States, thousands of public 
service institutions hundreds of thousands of companies and millions of 
users, well... . What would we call it? War? Wrestling? or Seduction? A 
Million times a million contests. Cultural confusion.These webs of the law 
are durable and have easy translation to the new media distributive 
terrain. Despite word play or administrative/bureaucratic assumptions of 
power. The really interesting fact is that States, institutions, companies, 
individuals, but not collectivities like artists, writers, coders, primary 
producers and so on, are beginning to 'stand-off' this terrain. We might, 
after all, consider a return to the question of the aesthetic, and then of 
policy, and thenof law over several years. It will become clear as we do so 
that we NEED insitutions, new institutions perhaps, that are able to host 
the work you do.