Ownership and Personal Computer Security
Oh, I’ll never learn.
So, I read a lot of blogs. Not a big surprise, really, all things considered. One of the blogs I track is the Houston Chronicle’s TechBlog. Recently, they ran a post titled “Spy on your spouse’s online habits, go to jail“. Now, as a currently unmarried person, you may think I don’t have a dog in that fight, but, well, I kind of do. Allow me to explain.
See, about three years ago, my now ex-wife was cheating on me with her latest husband. (in fact, tomorrow, it will be three years to the day that I told her I “knew” what was going on and she bolted rather than face up to any problems we were having.) I was tempted to install spyware, or do other kinds of traces, on her communications. And, I think I would have been within my legal rights, since the computer was in my house and, technically, shared property. Now, I’m not a lawyer, obviously, but as part of my job, I do have to be fairly up to date on legal issues regarding computer security.
It’s unclear from the article whether or not the man in Austin who got four years for installing spyware on his wife’s computer had physical possession of the PC in question, but I’d imagine not. Now, I got confirmation of my suspicions by reading a raw mail file on a server I rented space on. The account was one I paid for, but my ex-wife foolishly used to tell nasty lies about me. (And, yes, also some uncomfortable truths, but they were mostly obscured by the rather outrageous lies.) At the time, my lawyer’s office agreed with me that it seemed like I was legally in the clear when I read the e-mail file. Though we didn’t actually have to test the law, in general, I would have been considered the rightful owner of the file in question, ergo, I had the right to read it. And, ownership, to me, is the issue. If I own the computer in question, don’t I have the right to install software on it that captures information? In that situation, in a private residence, who has the right to expect privacy when using that machine?
In any case, I made comment and then, later, read some other comments on the post.
One person made some rather sweeping generalizations with which, naturally, I disagreed. A small, tepid debate ensued. The other commenter made comments about legality in an absolute sense, as in “…it is illegal to crack a password of another adult, for any reason, no matter where the software comes from – the guy is going to do 4 years in jail?” And, therein lies the rub. It’s NOT illegal to crack a password of another adult “for any reason”. There are, in fact, many legal reasons I’ve cracked passwords at work. For one, someone illegally locked files with a password to hold a company hostage. The company in question clearly had ownership of the password-locked files, but there was no way to recover the file without cracking the password. There are other examples, but any time someone starts talking in absolutes about the law, I know they’ve had no real experience with actual legal matters. A good lawyer can argue for a lot of exceptions to any law and, if they’re good enough, win. The fact that this guy is going to jail means that his lawyer couldn’t do that, if he even had anything more than a public defender. That’s all.
And, to me, the real question here is one of ownership. If I own the computer, I can install software on it to make sure it is being used the way I see fit. On the other hand, there is the question of a user’s expectation to privacy. If the user on the computer I own expects a certain level of privacy, for whatever reason, and hasn’t been informed otherwise… Well, let’s just say the law gets a little hazy at this point. Really, in most things legal, there just aren’t any absolutes. Ask a lawyer, they’ll pretty well tell you the same thing.
The other points that the commenter made about raising children and marital affairs leads me to believe that he is simply inexperienced or naive. When he wrote, “I guess how you raise your kids is your choice, unfortunately. None of mine have ever been in any trouble whatsoever so I will keep my ways going…”, it never occurred to him that his kids might be in trouble, but he hasn’t found out yet. Same thing about the state of his marriage.
Again, I’m not saying I’ve got the only answer, just that there isn’t any absolute answer to this whole issue. What’s more, he falls into the fallacy of ascribing meaning and intent to my disagreement that was not there. When he said that the better way to check up on your possibly cheating spouse was to have them followed by an “ex-cop”, I disagreed. Strongly. Being an ex-cop does not guarantee any level of success in trailing and catching a cheating spouse. And, while “pictures speak louder than words”, often, words from incriminating e-mail speak loudly enough.
Naturally, I don’t advocate breaking the law, but there’s a lot of question about where that threshold is in the digital world. And, simply trusting everyone you have a relationship with is, well, naive at best.
But, all that aside, I wrote this here because I had something left to say, but didn’t see the point of continuing the “discussion” over there.
Advice from your Uncle Jim:
"There is no try. Do or do not."
--Yoda
I am no lawyer, but reason would dictate that anything you do on someone else’s computer they can look at. I think that business has fairly well established that anything you do on a computer at work belongs to the business, and you can not expect any level of privacy. If you were spying on someone on THEIR computer, that would be different. If they are on YOUR computer, you should have the right, and responsibility, to know what they are doing on it! I’d bet the FBI doesn’t care whether it is you or someone you let use your computer doing illegal activities (ie terrorist activities, child porn, etc)
Comment by Cheri — 11/20/2007 @ 6:59 pm