SUBJECT:  US legal bug stops legal public domain scanner
documentation

The authority of the Internet service provider of the New Museum in NY stopped yesterday the
Public Domain Scanner, an installation and web project in the exhibition Open_Source_Art_Hack
(http://netartcommons.walkerart.org/)

The public domain scanner portscans worldwide the servers of several hundred NGOs and media activists.
It publishes the analysed security lacks of the scanned servers, but hides the net.adresses of the scanned
organisations and net actors.

http://unitedwehack.krcf.org/ ( mirror site in Cologne with some legal bugs, no active scanner any more)
Here is the outline of the contestation:

Port scanning is legal:
Port scanning is a frequently used tool in network security analysis, involving examination of a remote computer without accessing its programs or data. The port scan used in Public Domain Scanner do not test login passwords, create a significant amount of traffic, or access or alter any data on the scanned computer. In that sense, a port scan is similar to observing a house from across the street, and perhaps knocking on its front door, but not entering even if the door is opened.
Only one published opinion has considered the legality of port scans. That court held that such activity did not violate federal or state computer protection statues or other law. The federal district court for the Northern District of Georgia held that a party who conducted port scans of another party's computer systems did not violate the Computer Fraud and Abuse Act (18 U.S.C. s. 1030) [1], because he neither caused damaged nor gained access to the computers at issue. Moulton v. VC3, 2000 WL 3331091 at *6 (N.D. Ga., Nov. 7, 2000). Nor did the port scans violate state law, because they did not interfere with computer or network activity.
References:
[1] The Computer Fraud and Abuse Act: <http://www.usdoj.gov/criminal/cybercrime/1030_new.html>
[2] Moulton v. VC3, 2000 WL 3331091 (N.D. Ga., Nov. 7, 2000)
[3] Computer Crime and Intellectual Property Section, U.S. Department of Justice, Legislative Analysis of the 1996 National Information Infrastructure Protection Act: <http://www.usdoj.gov/criminal/cybercrime/1030_anal.html>
[4] Computer Crime and Intellectual Property Section, U.S. Department of Justice, Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001<http://www.usdoj.gov/criminal/cybercrime/PatriotAct.htm>

Knowbotic Research to Provider:
Knowbotic Research got informed that you want the New Museum to shut down our server inside their network.
Could you please inform me what are the reasons for this decision? We got informed that there was only one complaint until now
from an ISP concerning our Public Domain Scanner.
The museum has informed this ISP about the art project and as far as I know  this ISP showed afterwards sympathy for this project which does not obscure security issues in the network and provides a transparent plattform for this topic inside the artworld.
Is this one complaint the full reason to stop our project?

Provider DTI:
As you can see at our Acceptable Use Policy AUP, running security software, scans against machines you do not have permission to run them against cleary violates a number of provisions of our Acceptable Use Policy.
We are required by our upstream providers to carry these clauses, and can lose our access if we do not enforce them. I assure you, our enforcement of the AUP is nondiscriminatory, based soley on the nature of the violations, not the motives behind them.
Once again, let me repeat that this decision is based soley upon our contractual obligations to our upstream providers, and the desire to protect our reputation as a responsible ISP. In no way are we making any claims as to the artistic merits of the project.

Knowbotic Research: These provokes the question: Who is the net.sovereign behind the upstream provider?


Wendy Seltzer, http://openlaw.org/
Your experience here is actually a very interesting part of the project. It demonstrates how private parties can exert control of the public domain well beyond what the law requires. Even with institutional support for your installation, you are often at the mercy of other economic actors -- the ISPs whom the museum and you depend on for connectivity, who in turn depend upon higher-up ISPs to preserve their connections to the Internet. Any player in this chain has the ability to break the connection and prevent you from displaying and contributing to the public discussion, based on its own feelings, contracts, and interpretations of the law, before any judge is called in to determine whether the activity is legal.

Curator Steve Dietz:
The fact that Minds of Concern is potentially undermined by the legal system in the form of a standard or "shrinkwrap" license the New Museum has with its ISP is not insignificant. It is precisely a legal bug and the strategy  by which so much of the public domain in the U.S., at least, escapes Constitutional and other legal protections by entering into [voluntarily?] contractual agreements that void and/or supercede these supposed rights.

Commment Mailing List Lachlan Brown:
Indeed, the distinction between assumed rights and legal guarantee of rights, public and private, residesin an interstitial state. Not a 'grey area' to be filled in between the public and private by new conditions for cyber' space, but a contest in which like a Venn Diagramme the  public and private vie over the terrain they both occupy.

Add to this the interests of several dozen States, thousands of public service institutions hundreds of thousands of companies and millions of users, well... . What would we call it? War? Wrestling? or Seduction? A Million times a million contests. Cultural confusion.These webs of the law are durable and have easy translation to the new media distributive terrain. Despite word play or administrative/bureaucratic assumptions of power. The really interesting fact is that States, institutions, companies, individuals, but not collectivities like artists, writers, coders, primary producers and so on, are beginning to 'stand-off' this terrain. We might, after all, consider a return to the question of the aesthetic, and then of policy, and thenof law over several years. It will become clear as we do so that we NEED insitutions, new institutions perhaps, that are able to host the work you do.
knowbotic research, 11.5.02

Information:
- Why do we show the vulnerability of NGOs and media artists?
- What is a Public Domain Scanner?
- What is Portscanning?
- Project Description
- Exhibition Context

Art, Media and Legal Issues:
- Artistic network practice on the bad guys space
- Open Law
- Fraud and Related Activity in Connection with Computers

Public Domain:
- For the Public Domain
- Giorgio Agamben On Security and Terror

- The Patriot Act
- Quality Security Tools

Credits:
knowbotic research in collaboration with Wendy Seltzer http://openlaw.org
, Peter Sandbichler (installation),
thanks to


Wolfgang Staehle +THE THING (Gisela Ehrenfried, Jan Gerber, Walter Palmetshofer),
Ania Kurowska, Richie Münch-Jindal, Marco Klingmann, Christoph Burgdorfer
Thomas Sandbichler, Ingo Guenther,
Tim Druckrey, Andreas Broeckmann,
Kunstsektion Austria, Rubbermaid Corp.,