At 06:07 PM 1/10/2004, Daniel Pelstring wrote...
The administrator doing the blocking would be in the clear, since
they are authorized to access this computer (and are in fact authorized to
change this information, even if you disagree with the change.)
The law prohibits "intentionally cause[ing] damage without authorization, to a
protected computer." The MX is not the "protected computer" in the discussion
at hand. The "protected computer" is the computer of the email addressee. The
MX is merely an intermediary.
By the logic you present, one could argue that no violation (of this law) would
be present for hacking a backbone router and inserting a filter which dropped
all incoming packets bound for any next hop, since that router would not be
"damaged" under the definition given by 18 U.S.C. 1030, the "damage" only
occurring external to that router.
The
provider of a blocking list would not have accessed this computer at all,
since they did not make the change. The desires of the intended recipient
do not matter at all under this law, as they do not own the computer on
which the change was made.
The change interferes with the delivery of email to a "protected computer,"
i.e. the computer of the person to whom the email is sent. The ISP's mail
exchanger is simply an intermediary.
The RBL and DUL are quite clearly (and openly) designed and intended to be used
to implement denial of service. Doing so with the explicit authorization of the
email recipient would be legal.
Using MAPS RBL and/or DUL is an act which "knowingly causes the transmission of
a program, information, code, or command, and as a result of such conduct,
intentionally causes damage ['impairment to the integrity or availability of
data, a program, a system, or information'] without authorization, to a
protected computer," a violation of 18 U.S.C. 1030. The "protected system" is
the email addressee's, not the ISP's. If a recipient is not receiving desired
email due to ISP use of the MAPS system, the ISP is guilty of unlawful denial
of service. Not only the ISP, but also MAPS, is guilty of knowingly and
intentionally damaging a protected computer.
A person may authorize, indeed ask, that spam be blocked upstream. With such
authorization, an ISP is clearly free to block spam email. As I have already
pointed out, it is irrational to claim that a addressee has authorized that
_desired_ email be dropped. I have encountered exactly that situation due to
use of the MAPS DUL.
The MAPS system does not, and cannot, distinguish between spam email and
legitimate, addressee desired email. It is a brute force system which throws
the baby out with the bathwater.