Re: [PEN-TEST] Implications for "Looking around?" [FBI confiscation of allegely curious student]

[Graeme Fowler <graeme.f () WEBFUSION CO UK>]

Nexus wrote:
> Add to that incident, the mass confusion and misunderstanding that
occurs
> when things cross international boundaries.   A port scan is not
illegal in
> the UK, for example and it may not even be against the T&C's of the
ISP (if
> even they care at all - try chasing some SLIP dialup user in
Russia...) and
> in the US, various state laws may or may not apply, or be overuled at
some
> point and so forth.   This can also add complications when
constructing
> NDA's and T&C's of Engagement Licences that also cross these
boundaries.
> The internet may be global, but not much else is ;-)

And here's another one worth thinking about (especially for those based
in the UK, like me):

What's the legality or otherwise of 'looking around' a system when the
traffic to and from that system traverses international boundaries,
*but* the machine is in the same country (or state)?

Many times I have done traceroutes to systems in the UK, from system in
the UK, only to have the traffic routed via New York, Amsterdam or other
such unlikely places... would the transit providers in those countries
have power to invoke prosecution?

[OT bit]
Also worth bearing in mind (UK again) are the implications of the new
RIP Act. If you as a sysadmin are asked by one of our law or
intelligence agencies to assist with an investigation, you are then
bound by law NOT to tell anyone about it. Ever. There is no time limit
on the restriction - it's total. Break it and go to jail... I'm sure
there's more to it that will/could affect us but I've yet to digest the
whole thing properly!

Graeme
--
System Administrator
WebFusion Internet Solutions