[LWN Logo]

Date: Thu, 14 Jan 1999 23:24:05 -0700 (MST)
From: mea culpa <jericho@dimensional.com>
To: InfoSec News <isn@repsec.com>
Subject: [ISN] Norway Court Backs Internet Hackers


Forwarded From: telecon <telecon@dimensional.com>

03:15 PM ET 01/13/99
Norway Court Backs Internet Hackers
By DOUG MELLGREN
Associated Press Writer

          OSLO, Norway (AP) _ Norway could become a haven for hackers
after its Supreme Court ruled that trying to break into a computer over
the Internet is not a crime until the system is actually breached, experts
said Wednesday. 
           In the decision, believed to be the first of its kind, the
court last month said those connecting a computer to the Internet must
expect that outsiders will seek ways to enter their system and that it is
the owners' responsibility to protect their computers.
           But critics said the ruling is comparable to allowing a burglar
to check all the doors and windows of a house for locks and not
prosecuting them until they actually break in. 
           In theory, hackers in Norway can now legally search computers
anywhere in the world for security holes. Such information could then be
passed on to other hackers for possible illegal use. 
           The ruling arose from a 1995 case against a company that
specializes in computer security. An Oslo-based company, Norman Data
Defense Systems, sought ways to break into the University of Oslo's
computers through the Internet for a news report by the Norwegian state
broadcasting network NRK. 
           Norman attorney Kai Thoergersen said in an interview Wednesday
that the company simply mapped holes in the computers' security systems,
without breaking in, tampering or stealing any information. 
           The university sued, and a lower court ordered Norman to pay
$13,500 for violating a law against hacking into computers. Norman
appealed, and the case reached the Supreme Court, which dismissed the
fine, partly because the company had not broken into the computer. 
           Norman claimed it did nothing more than what any Internet users
do each time they search the global network for information. 
           However, Arne Laukholm, director of Information Technology for
the University of Oslo, said the ruling opens the way for systematic and
malicious attacks on computers. He said protecting computers hooked up to
the global network against such hacking is difficult and expensive. 
           Dave Farber, a computer expert at the University of
Pennsylvania, called it ``a bad precedent'' that could allow hackers to
operate legally in Norway, even if their actions violated other nations'
laws. 
           The ruling was made Dec. 15, but the court did not publish its
basis for the decision until this month. 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]