Adult Website Use At Work Leads To Hacker Conviction

safesorry notes that several sources are talking about a recent tale of woe about Richard Wolf, a lonely guy looking for love in all the wrong places. Wolf used his work computer to visit the Adult Friend Finder website and upload personal nudes to prospective "friends." Now he's been convicted under a "hacker" law targeted at employees who steal data or access information they shouldn't. "Richard Wolf acknowledged that his behavior was inappropriate when he used his work computer to upload nude photos of himself to an adult web site and view other photos on porn sites, but he didn't think he should be convicted of hacking for doing so."

What the fuck?

This is ridiculous.

Re:What the fuck?

[digitalunity]

We don't live in a world where news organizations do follow-up.

There's the sound bite. The 2 minute outrage. Then everyone forgets about it.

Delivering the news is only profitable while the news is still new. Follow-up is just too boring to be profitable apparently.

Re:What the fuck?

Putting anybody to a private prison equal to the profit. Do you remember those judges in PA?

Re:What the fuck?

[JCSoRocks]

This is particularly true for anyone that finds themselves in the media spotlight for months and is hyped as being guilty. Even if mountains of evidence ends up being used to exonerate them the damage has already been done. The media isn't going to bother to spend months clearing their name. They get a 15 second update, "John Doe was innocent." Most people never even hear it. I feel the same way about the tiny section dedicated to corrections in printed publications.

Re:What the fuck?

[linzeal]

News as a product in the US and increasingly elsewhere has been boiled down into politics, celebrities and disasters. No one cares about social problems united as a people because everything has been turned to a fine mush of partisan bickering amidst interchangeable political personalities. I guarantee that the average American can name more politicians than laws and supreme court decisions passed in his lifetime.

For one thing, it is time to put term limits on all elected federal offices. Secondly, we should have the right to elect at least a portion of the Supreme Court. Lastly, it might just be time to have a new constitutional convention and make sure those malodorous cunts do not take away more of our rights.

Re:What the fuck?

Your post is off-topic. The story is a followup. You might want to RTFA next time.

An Ohio appellate court has upheld the felony hacking conviction of a man who was found guilty of unauthorized access for misusing his computer at work.

This is on appeal. Not much more followup you can do than that.

Re:What the fuck?

I can't think of the word for this, but in the Middle Ages, pretty much any offense past blowing a nose in public was death, and the forms of death got worse and worse. The problem this created was the fact that because something small had such a heavy penalty, might as well be put to death for murder, so this resulted in people feeling they had nothing to lose by going to extremes.

That is a lesson that countries have seem to have forgotten with all these anti-hacker and anti-terrorism laws.

Re:What the fuck?

[Skrynesaver]

One of the downsides of election cycles is that they really only care about what happens in the next 3->5 years (adjust for your local conditions). As a result we see rampant "short-termism". No politician is going to go out of their way to sponsor legislation that isn't going to generate good press by the next election

Re:What the fuck?

[rbochan]

I can't think of the word for this, but...

I believe the word you're looking for is "bullshit".

Just fire him

[brkello]

I think losing your job would be punishment enough in this case.

Re:Just fire him

[QuantumG]

Bah. Those sites are banned because:

1) it clearly isn't work related.
2) everyone is afraid of sexual harassment laws.

and, let's not forget:

3) people will accept just about any conditions of employment.

Cause we're all slaves.

Re:Just fire him

[jollyreaper]

I think losing your job would be punishment enough in this case.

Absolutely. What he did would not have been illegal from home. You can stand in front of a mirror and make your junk move in circles all day long. Do it on your front porch and you get busted for public indecency.

If he's surfing porn from his cube, he can be fired. If he's sexually assaults a coworker, that's worth firing and prosecuting.

It's like drinking. Drinking at home is legal. Getting so hammered I black out and lose days is legal so long as I do it on my own time. Showing up to work hung-over can get me fired but won't put me in jail. Drinking on the job if I just sit at a desk can get me fired, no jail time. Drinking when driving my own car can get me jail time and so drinking while driving a company car can get me fired and jail time, that's fair. If I worked on the factory floor and people could be maimed or killed due to my negligence, jail time would be proper.

Pretty much anything that would put me in jail if I were doing it on my own time is fair game for putting me in jail on company time. But if it's not something that's prosecutable, don't prosecute, just fire the guy. But that also brings up the question of assholes trying to selectively get rid of someone. There's really not much you can do when management has it in for you. I've worked in happy companies and paranoid companies. The happy ones were great but in the paranoid ones once someone has decided they have it in for you, you're toast.

Most of us are criminals

[QuantumG]

Every geek worth his geek-badge has bypassed the company web-filter. According to this law, that's hacking. That whole "theft of services from office" part was overturned but only because they couldn't show his work had actually suffered from his actions.. whereas if all you do at work is post on Slashdot and your work suffers, you could be charged with a crime.

So yeah, basically, if you have an employer who is a big enough dick, most of us are criminals.

Re:Most of us are criminals

[lamapper]

I've never been filtered, and given a choice I would go work somewhere else. Any human worth their salt wouldn't put up with being treated like a dipshit.

Not that you know of.

Please see many of my other posts here on slashdot for links to actual articles on each and everything in this post. Its all documented elsewhere if you honestly care, just see my previous posts.

Unless you have a fiber optic back-door-channel last-mile-from your-home connection to the internet, in which case I want one too. You are most likely being filtered by your ISP. You simply are unaware of it.

American telcos think all their customers, you and I included, are, in your words, dipshit s. Anyone who defends them, certainly is one.

I doubt anyone in America, unless they:

• own a telco and their fiber path to/from the internet (of course there is still filtering capabilities by your upstream ISP / telco, its called Deep Packet Inspection)
• own a fiber optic trans-Atlantic cable (same issue as point above, filtering capability via upstream telco, with DPI.)

honestly knows to what level they are being filtered, throttled, and in some cases blocked from some sites on the internet.

All the American telcos have peering agreements and other relationships with each other. I have personally seen documentation, proprietary of course therefore I can NOT post it, that shows percentage ownership of one telco to others and vice versa. They are all in it together against all consumers. This is the only way they can spread FUD about the bandwidth scarcity myth and artificially continue to raise your monthly fees without giving you additional services.

And they pay princely sums, in lobbying fees, directly or indirectly to your elected officials so that they might continue to stick it to you and I!

They spend an estimated $15 million per week lobbying yours and my elected officials, and those numbers were only for Washington D.C, so the figure is much, much higher considering local elected leaders that have decision making power about whether or not to open up your local connections to the internet or not perpetuating a scarcity myth for no other useful purpose than to raise your monthly fee from whatever it is now to their target-for-every American range of $100 - $150 per month.

You can be filtered and totally oblivious to it. Honestly how would you know?

The only way you will ever be aware of filtering, throttling and other anti-net neutrality impacts of your internet access by American telcos is if you have accessed a website in the past and today you can NOT get to it. And you will still be unsure that you are being filtered or blocked from seeing that website until you can gain access to the internet via a different telco than the one you are currently being blocked by and see that the website is still there.

You will not see that your telco is forging packets to disrupt your internet access unless you are taking the time (and it takes time) to actually use a sniffer and monitor the flows of packets to/from your local area network in your home and your PCs.

If you are not using Linux, only 2% of the desktop market today per some sources I believe the reality is higher than that as you have to consider the source of the information and who they have access to, than you probably do not have access to sniffer software to monitor the packets to/from your PC.

The telcos terms of service, if they want to enforce them, can interrupt the service of 90% of Americans today. (I am being generous and over-stating what I believe here, that only 10% of American consumers ONLY have 1 PC at home attached to the interent at a time. I am sure that most homes have more than 2 PCs attached to the internet at the same time.) You say not so, here is a simple taboo. Are you allowing more than

Re:Stupid Law

[digitalunity]

Extrapolate that policy to it's finality. A company can decide at any time to change their policy and any use they don't agree with, pornographic or not, becomes a felony.

Watch out /.ers, it's a felony to browese at work now.

Re:Stupid Law

[BaronHethorSamedi]

While I agree that this sort of law has the potential for abuse, I think the summary in this case overstates the matter.

Quoted from the appellate court's opinion:

Upon review, we find that the crux of the state's "unauthorized use" case was based on the proposition that Appellant was acting outside the scope of his authorization to use the computer by engaging in criminal conduct, i.e. soliciting prostitution.

This wasn't so much about this guy sending naked pictures of himself as it was about him using his work computer to set up a rendez-vous with a dominatrix. The court determined that this was pretty obviously outside the boundaries of what you might reasonably expect to be able to do with your work computer.

That said, it's troubling that a misdemeanor (solicitation) can get double-whammied into a felony because it's done on company time, and that that's apparently at the company's discretion. And the potential for abuse is there. It doesn't look like the guy advanced constitutional vagueness arguments (probably because this isn't a great case for that). Eventually someone will be fired for surfing /. at work. Then we'll have an interesting case. :)

consulting a dominatrix is a misdemeanor?

[nurb432]

This is a joke right? How the hell can the government make that a crime?

May be silly, but its his choice.

Re:consulting a dominatrix is a misdemeanor?

[PAjamian]

Clearly you don't understand the difference between a professional dominatrix and a prostitute who simply dresses up and gives a light spanking.

Persecution, not prosecution

[unlametheweak]

The case began when Larry Wise, the Superintendent of the Shelby City Wastewater Treatment Plant, where Wolf was employed, was deleting old files from a work computer and found a nude photograph of Wolf.

and

Initially he was suspended while police investigated the case, but was promoted after he returned to work. He lost his job, however, when he was convicted of the charges.

The important question would be why his employer even phoned the police in the first place. This is one of those bizarre situations where it is obvious that the person was persecuted for a lifestyle choice and not for what he did or didn't do at work. As stated in the article, he would not have been prosecuted if he would have looked at horticultural Web sites [and uploaded pictures of flowers].

Re:Persecution, not prosecution

[SleepingWaterBear]

As stated in the article, he would not have been prosecuted if he would have looked at horticultural Web sites [and uploaded pictures of flowers].

Mod parent up! The hacking charge isn't the important thing here, this is! The law is being used in an an unbalanced fashion to persecute someone not because of the crime he committed, but because he doesn't conform to the social norms of the leaders of his community. This is disturbingly close to burning people at the stake because they don't share your beliefs, and should not be tolerated.

This man's life is going to be in chaos for years dealing with the results of this. The question to ask is, is that a fair punishment for someone who uploaded flower pictures from work?

Re:Persecution, not prosecution

[unlametheweak]

The statements you make (many of which are completely bogus and worthy of a Troll Moderation) do not necessitate the involvement of law enforcement (in this particular situation).

You have to know why the photograph was on your system. You have to know how it was being used.

I question the whole rationality of your statement (without trying to sound like a Troll, but just merely using Logic). I will elaborate; you do not have to know why a naked picture of an employee is on a companies computer system. Of course it is an oddity, and probably something that should be taken up my management and not by law enforcement. Nude photographs of adults are not illegal (or even of minors, necessarily, but that would be a tangent). Nude photographs of oneself are not even immoral (you need to trust me here and have some faith. Presumption of innocence isn't just a legal matter).

You can't take the man's word as gospel.

Of course not. Most people lie, but I always give people the benefit of the doubt unless or until I observe evidence to the contrary. It would be fair to presume that this supervisor is not a legal expert and probably only made the worst assumptions. I doubt if this supervisor would have realized that merely going to a Web site (and interacting with the people on it) that was not directly related to company business was illegal; hence the abusive nature of the supervisors behavior. Considering that (from what I've read from the article at least) nothing illegal could possibly be presumed (without going out of the way to consult a an aggressive lawyer with courtroom ambitions), nothing of a criminal nature should or logically could have been presumed. This is (at least) an over-reaction, and in a Democratic society shouldn't have even been given consideration by the courts (the abuse of the law here apparently trumps my assertions however).

You need answers and you need them now.

No offense, but that's a Bullshit statement. I need answers now all the time when I deal with the incompetency, immorality, and illegality of all the companies and bosses I have ever worked for. Of course I'm on the ass-end of the Totem-pole and the pecking order so my righteousness and logic will always get me fired and without job references. Your statement is unfounded.

The mayor won't be pleased when a secretary files a ten million dollar lawsuit for sexual harassment.

This is definitely a red-herring Troll. I will "risk" being down-modded by stating this. So be it. There is no evidence of sexual harassment here. There is however, implications of a fishing expedition on behalf of Management.

He will be even more unhappy when your man is arrested by the feds for soliciting minors on online

Another Troll. I will go out of the way and state that you should be down-modded because you are going out of your way to suggest unsubstantiated illicit behavior. The person who up-modded you should be punished through meta-moderation.

and he'll be really - royally - pissed off if comes out later that you tucked the photograph away and did nothing.

Another Troll. Use some logic. You are advocating fishing expeditions and witch hunts. You are an Asshole. I say this not out of spite, but merely as an observation. I will let the Moderators judge me.

Re:Persecution, not prosecution

[Kjella]

Here in non-freak country he'd probably be pulled aside an quietly disciplined for "misuse of company reesources" at most. Even in sue-happy sexually repressed US I figured it would be nothing more than a firable offense. Going from "found a nude picture" to "maybe soliciting minors online" isn't just jumping at conclusions, it's taking the Grand Canyon leap. So if I'm looking up baseball bats online, you'd better make sure I'm not planning to beat the ex-gf to death with it? Because like, that's so like the usual way the use a bat mmkey? The whole post and moderation makes me glad I don't live in the US, though of course I got other annoyances...

Re:Persecution, not prosecution

[Tuoqui]

1) He had legit access to the network. (as an Employee at the time)
2) He went to a website that probably ends up on everyone's spam ads. (God damn I'm thankful for Adblock Plus)
3) He stupidly posted a naked picture of himself. (Epically dumb move to do from the office)

Sorry but no hacking here, just a good load of stupidity. Quite possibly against company internet access policy and what not likely resulting in him being fired from his job but under no circumstance should the guy have been thrown in jail.

Re:Stupid Law

Let's let businesses come up with new felonies on the fly! Woo!

It's because of that stupid fucking judge in the whole MyFaceSpaceTubeBook teen suicide case. In that case, the judge ruled that a simple TOS violation was hacking under the way the anti-hacking statues are written.

Hopefully we will see enough of these moronic lawsuits that the courts will throw out the anti-hacking statues and put and end to the current system of selective enforcement.

Basically, right now ANY "unauthorized access or use" of any computer or network is punishable under anti-hacking laws. Of course they only prosecute those they don't like or have a beef with.

Re:wow! just wow!

[FooRat]

It's slightly dumb, but it's only as spectacularly dumb as you suggest if you honestly think he could've reasonably expected to be charged with a crime like this as a result. I think it's obvious that no reasonable person would expect that, and most people aren't aware of such laws either. It's only easy for you to see that because of the context you're reading it in, where you happen to know the harshness of the consequences.

What this law says is that if your company has a policy somewhere in its fine print that you can't access, say, Slashdot from a work computer, and you are caught accessing Slashdot, you can be charged with hacking as a crime. Does that really seem reasonable to you? I don't think so, I don't think any sane person thinks you'd be that much of a dumbass just for reading Slashdot on a work computer, but that is *exactly* what this law allows.

Obviously a law like this could be abused by a boss who just doesn't like you, or wants to extort anything from you in any other way (e.g. prevent you from leaving).

Re:You'd be surprised.

[Nethead]

No, it's because the wife and kids are at home. Mr Bigshot likely isn't the big-shot at home.

If Lawyers and Judges don't like it its criminal.

Lawyers (that includes Judges) can do anything they want to you and get away with it. They have erected a multitude of laws and offenses. You are going to be guilty of at least one even if they have to stretch it like they have here. One more reason the break their Guild.

I fully agree with Rasch.

[Jane+Q.+Public]

This is a classic example of an overly-broadly-worded law that is now being used to prosecute people to whom the law was never intended to apply.

WHENEVER your Congresscritters -- or eve City Council -- want to pass a law that is too broadly worded, oppose it. I did once, and was told "It will never be enforced that way." My reply was, "If it is not intended to be enforced that way, why was it written that way?"

When you give the government power to do something, eventually it will... even if that was not your intent. So make sure the intent is clear, and just do not give them powers that you do not intend them to use.

Personal Photocopying

[nurb432]

Isn't any different, and i don't see any jail time associated with that sort of act.

"Authorization"

[Sloppy]

DMCA uses the same trick. Circumvention (a thing you're never allowed to do) is defined as bypassing blah blah blah "without authorization."

Which sort of almost makes sense, except that the body that makes this law, isn't the party that grants/denies authorization, nor sets up a regulatory agency to do so. It's a third party, a private party. Who decides if you may or may not bypass a technological measure that limits access? Who decides when you can upload a nude picture of yourself? Not the government, not the people's elected representatives; they haven't prohibited or allowed either activity. Someone else decides.

BTW, the decision of granting/denying authorization need not ever even be communicated. It's bad enough that reading the legislation and case law won't tell you whether an act is illegal; the party who decides whether it's illegal or not, need not even tell you. In this particular case (uploading nudie pics to a hookup site), it seems .. well .. obvious that the user wasn't authorized to use the computer for that (though I guess sometimes "obvious" is in the eye of the beholder), but the end of TFA talks about how the policy was drafted but not distributed -- yet it was still enough for a conviction.

You might think that the safe thing to do, is always assume you don't have authorization to do something, unless you know that you do. Surely that makes sense, right? Nope. Look at any of your DVDs. Does a single one of them say you're allowed to bypass the protection? Every DVD player, even the DVDCCA-licensed ones, bypasses the protection. What you don't know, is whether that's circumvention or not -- whether your act of bypassing the protection was authorized or not. Millions of people have played DVDs. These things are for sale in mainstream brick'n'mortar stores. And if push comes to shove, no one who has ever used one, can prove they didn't break the law. All the copyright holder has to say, is "That wasn't authorized" and the case is open and shut.

Back to computer abuse acts: are you authorized to load example.com's page on someone else's computer? You probably don't know, and common sense might not help you.

When will you find out? When you ask what crime you've just been charged with. By then, it's too late. They came after this guy for uploading nudie pics. Piss them off, and they can get you for loading example.com's web page.

Congress has effectively ceded political power (!!) by letting these third parties, not Congress themselves and not the courts, decide whether a criminal act has occurred.

And we call this "law." Wow.

Stupid Law; Yes, but also a stupid lawyer

[DaveAtFraud]

I couldn't tell from the article whether the guy represented himself, just said, "Yes, I did it," or had a total boob for a lawyer in trial court. The bottom line is that the facts regarding lack of an acceptable use policy should have been presented at trial. Regardless of what he did, if the city hadn't established a policy that personal use of a city computer was forbidden and other people had gotten away with similar actions (e.g., uploading pictures to say FaceBook), his actions were not illegal or inappropriate. It is irrelevant that he uploaded nude photos of himself since there is no AUP that defines what sorts of personal uses are OK and what actions are forbidden.

It sounds like the lawyer handling his appeal has a better grip on this but this should have been disputed at trial. He may still be able to get out of the hacking conviction with the appeal (How can computer use be inappropriate when the city hasn't established what constitutes inappropriate use?) but he should have been fighting this a long time before it ever got to the appeal.

Cheers,
Dave

Re:It's a typo

[FiloEleven]

Man, I'm glad that we have Anonymous Coward to explain these letter substitutions for us. The funny thing is that in the two ACs here were probably the same guy.

Perspective?

[siloko]

Perhaps his boss reacted hysterically, perhaps his employers were unfair in their dismissal of him, perhaps the laws are being abused. but:

This is disturbingly close to burning people at the stake

Really?

Re:Perspective?

[taucross]

Saying this is disturbingly close to burning people at the stake is like saying uploading a picture is hacking.

Bah

[SmallFurryCreature]

In the netherlands there was an attack by someone on the queen during a national holiday. He did it by driving a his suzuki swift into a crowd killing several people. AND HIMSELF. His death was well reported in the media.

Yet some people are sending hate mail to a person whose picture was linked to the attacker by a newspaper and othe rpeople with similar names are receiving threaths. HELLO! The guy is DEATH! The moment your hate target answers the phone, and he answers, shouldn't that be a major clue that you got the wrong guy?

No matter what you do, even if you forced newspapers to follow-up or print the complete truth for once, you could never eradicate the idiots.

Re:Bah

[TheTurtlesMoves]

I'm with you on this one. It would be nice to have better media. But we have the media that the masses want. Its what we choose to read and believe thats the problem. The general public don't buy or read things that are not sufficiently sensationalized. But heres the real catch. It doesn't matter how "concerned" or alarmed they are, about the only action you get out of these people is a few strong words about "issues" at the pub.

Devil in the Details

[DarthVain]

Of which there are none.

Odds are his employer blocks those kind of sites.

Yes simply visiting them would be inappropriate, but not hacking.

However, if you were unable to visit them due to your network security infrastructure, and to do so circumvented your network security then yes, that is hacking.

Likely it was something simple like setting up a proxy at home, and doing it that way. Who knows perhaps he using something a bit more exotic. In this way he would compromise the security of his employers shared network for his own personal use.

There are a lot of websites that get blocked like facebook (thank god not slashdot!), and I have thought about doing this myself. Then again I am not stupid enough to actually do it. I will re-evaluate my decision when and if they decide to block slashdot (which won't happen anyway, as likely the network IT folks like access as well).

Anyway the guy is an idiot to be looking at this sort of thing at work...

this should go up the appeals ladder

[ffflala]

The trial court's decision was upheld by the OH intermediate court of appeals. This case screams for an appeal up to the OH Supreme Court. The statute as applied here seems to fit right into the void-for-vagueness doctrine, which the US Supreme Court described as follows:

"Vague laws offend several important values. First, because we assume that man is free to steer between lawful and unlawful conduct, we insist that laws give the person of ordinary intelligence a reasonable opportunity to know what is prohibited, so that he may act accordingly. Vague laws may trap the innocent by not providing fair warnings. Second, if arbitrary and discriminatory enforcement is to be prevented, laws must provide explicit standards for those who apply them. A vague law impermissibly delegates basic policy matters to policemen, judges, and juries for resolution on an ad hoc and subjective basis, with the attendant dangers of arbitrary and discriminatory applications." Grayned v. City of Rockford, 408 U.S. 104, 108 -09 (1972), quoted in Village of Hoffman Estates v. The Flipside, 455 U.S. 489, 498 (1982).

http://caselaw.lp.findlaw.com/data/constitution/amendment14/15.html#f8