“A tiff between two IT contractors that spiraled into federal
court ended last month with a U.S. district court ruling in Georgia
that port scanning a network does not damage it, under a section of
the anti-hacking laws that allows victims of cyber attack to sue an
attacker.”
“Last week both sides agreed not to appeal the decision by judge
Thomas Thrash, who found that the value of time spent investigating
a port scan can not be considered damage. “The statute clearly
states that the damage must be an impairment to the integrity and
availability of the network,” wrote the judge, who found that a
port scan impaired neither.”
“It says you can’t create your own damages by investigating
something that would not otherwise be a crime,” says hacker defense
attorney Jennifer Granick. “It’s a good decision for computer
security researchers.”
“A port scan is a remote probe of the services a computer is
running. While it can be a precursor to an intrusion attempt, it
does not in itself allow access to a remote system. Port-scanning
programs are found in the virtual tool chests of both Internet
outlaws and cyber security professionals.”