Punishing Security Breaches

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Monday April 26, 2010 @03:10AM from the it-has-to-happen dept.

Schneier has a story on his blog this morning about punishing security breaches. This one is in response to the tale of Gray Powell, the Apple engineer who left an important bit of technology in a bar recently. You might have heard of it. You also might have been on either the breacher or the corporate side. I'd hate to be in either position myself.

25 of 151 comments (clear)

Min score:

Reason:

Sort:

Gizmodo May Face Felony Charges by eldavojohn · 2010-04-26 03:10 · Score: 4, Informative

I caught a an article on NY Times that outlines the San Mateo police's options for prosecuting Gizmodo for purchasing the leaked iPhone. From the article:

California law prohibits the sale of stolen goods and states that a person who uses someone else’s lost property without permission may be guilty of theft.
And since it's over $950, it's a felony. Even if they didn't know it was stolen, they could face a lesser charge of "misappropriation of lost property" which is a crime but not theft. Charges haven't been pressed yet but the police say they're investigating the options.

--
My work here is dung.
1. Re:Gizmodo May Face Felony Charges by Thanshin · 2010-04-26 03:15 · Score: 5, Funny
  
  And since it's over $950, it's a felony.
  $950? That's nothing. Was there any song in the IPhone?
2. Re:Gizmodo May Face Felony Charges by Rogerborg · 2010-04-26 03:18 · Score: 5, Insightful
  
  Beat me to it.
  
  [Gizmondo] "didn't know this was stolen when we bought it."
  Riiiight. The difference between "found" and "stolen" is entirely in the mind of the... "finder". Heck, you can "find" a bike in the street... if you jump on it quick enough. Hang around gas stations, and you may "find" a car with the keys still in the ignition.
  Go into Gizmondo's office late at night - "find" an open window - and wow, look at all the gear just ripe for "finding". After all if it's not grasped tightly in someone's hand at that very moment, it doesn't belong to anyone, right?
  They paid $5000 for something that they knew - by their own admission - did not belong to the seller. If that's not dealing in stolen goods, then I don't know what is. You don't even have to know the law to be sure - a child could tell you that it's unethical and wrong.
  
  --
  If you were blocking sigs, you wouldn't have to read this.
3. Re:Gizmodo May Face Felony Charges by Pharmboy · 2010-04-26 03:27 · Score: 4, Insightful
  
  The question is: will they simply pay a fine, or will someone actually get to face a criminal charge? All too often (in the US) people get off free because the offense is blamed on the Corporation® and not the individual acting on behalf of the corporation. If this is knowingly purchasing stolen goods, then it should be treated like any other case of the same.
  
  --
  Tequila: It's not just for breakfast anymore!
4. Re:Gizmodo May Face Felony Charges by Yvan256 · 2010-04-26 03:37 · Score: 5, Funny
  
  Yes there was! Over 9000!
  And according to the RIAA, 9000 songs at 0.99$ each equals 5 billions in damages and 3000 years of prison!
5. Re:Gizmodo May Face Felony Charges by zero_out · 2010-04-26 03:39 · Score: 3, Insightful
  
  You don't even have to know the law to be sure - a child could tell you that it's unethical and wrong.
  Call me cynical, but law doesn't often follow ethics. There are so many instances where something is "wrong," but not illegal, for me to even begin citing them. Okay, I'll give you one. Adultery. Sure, there are some places where it is outlawed, but what percentage of instances does it fall into the realm of the illegal? At any time, if I were to have improper relations with a neighbor, I would not be breaking a law. It would be about as unethical as any civilized society could imagine, but not illegal.
  Back on the topic at hand, yes, it was unethical for Gizmodo to do this. Did they know it was illegal? Possibly, but not necessarily. Even if they did know, I'm sure they did a cost/benefit analysis, and determined that the benefit outweighed the punitive damages. What a wicked world we live in, where someone weighs the cost of doing something unethical, against the gains for doing it.
6. Re:Gizmodo May Face Felony Charges by carvalhao · 2010-04-26 03:41 · Score: 4, Interesting
  
  Well, since that model of iPhone hasn't been released yet, how can you prove that it's over $950?
7. Re:Gizmodo May Face Felony Charges by Thanshin · 2010-04-26 03:43 · Score: 3, Funny
  
  All too often (in the US) people get off free because the offense is blamed on the Corporation® and not the individual acting on behalf of the corporation.
  Just for reference, this:
  
  Kaffee: Did you order the Code Red?
  Col. Jessep: I did the job I...
  Kaffee: *Did you order the Code Red?*
  Col. Jessep: *You're Goddamned right I did!*
  
  doesn't work in real life.
8. Re:Gizmodo May Face Felony Charges by Sandbags · 2010-04-26 03:44 · Score: 4, Interesting
  
  They paid $5K for the STORY, as registered journalists, and only after discussing this with lawyers, and after both Giz and the device's finder BOTH contacted apple and apple DENIED the prototype being lost. Gizmodo acquired the device under the promise to return it to it's rightful owner should one come forward, and the person who gave them the device could not be blamed for handing it over to an organization with known internal ties at the company.
  Gizmodo never bought the phone, only the story. This has been upheld NUMEROUS times in local and federal courts. Thanks for playing...
  
  --
  There is no contest in life for which the unprepared have the advantage.
9. Re:Gizmodo May Face Felony Charges by SharpFang · 2010-04-26 03:50 · Score: 3, Informative
  
  The seller spent a pretty long time in the bar asking the patrons and the barman about the phone. He made it pretty certain this was a found item, not a stolen one and went to quite a bit of lengths to find the owner, and has a bunch of witnesses to confirm it.
  
  --
  45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
10. Re:Gizmodo May Face Felony Charges by Hatta · 2010-04-26 04:06 · Score: 5, Insightful
  
  There are so many instances where something is "wrong," but not illegal, for me to even begin citing them.
  There are also many instances where something is illegal, but not wrong.
  
  --
  Give me Classic Slashdot or give me death!
11. Re:Gizmodo May Face Felony Charges by stonewallred · 2010-04-26 04:20 · Score: 4, Informative
  
  Which ever one that allows the DA to charge you with a felony. Unless of course you are connected, then it is which ever one that allows the DA to charge you with a misdemeanor which he'll drop under a prayer for judgment. The amount of leeway a DA has is what makes the US legal system appear to be so uncorrupted when compared to the rest of the world. But the corruption lies within the system, at the level of discretion the DA and judges have.
12. Re:Gizmodo May Face Felony Charges by dj245 · 2010-04-26 04:43 · Score: 4, Funny
  
  I refer you to the landmark case of Keepers v. Weepers.
  
  --
  Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
13. Re:Gizmodo May Face Felony Charges by nanoakron · 2010-04-26 07:46 · Score: 3, Insightful
  
  Uncorrupt?
  The amount of leeway a DA has in laying charges, and the fact that they are elected to office, are precisely the reasons why the US legal system appears more corrupt than our own here in the UK. Placing all that power and discretion in the hands of one individual is like playing with fire - if you commit a crime that belongs on their 'pet hate' list, they may level tougher charges than might otherwise seem appropriate.
  Moreover, plea bargaining is a despicable idea in a supposedly free society, particularly when it amounts to nothing more than bullying and intimidation to extract a 'confession' (the plea) - and we all know confessions obtained under duress are entirely untainted don't we...This is why plea bargaining is rare in almost every other civilised nation.
Heard of it? by Yvan256 · 2010-04-26 03:13 · Score: 4, Funny

Gray Powell, the Apple engineer who left an important bit of technology in a bar recently. You might have heard of it.

No I have not! What is this "Apple" you speak of?
1. Re:Heard of it? by Thanshin · 2010-04-26 03:21 · Score: 3, Funny
  
  No I have not! What is this "Apple" you speak of?
  It's a fruit.
  You're welcome.
Too Bad We Don't Know Apple's Policies by eldavojohn · 2010-04-26 03:13 · Score: 3, Insightful

If someone wants to take something classified out of a top secret military compound, he might have to secrete it on his person and deliberately sneak it past a guard who searches briefcases and purses. He might be committing a crime by doing so ...

Are you joking? Try losing their security clearance, being court marshaled and a probable investigation into 1) what motive you had removing classified material 2) where it was going and 3) how many other violations you knowingly committed.

... the corporate rules might have required him to pay attention to it at all times ...

I've gotten a corporate laptop with semi-sensitive material on it about the company I work for. I was given it when I traveled to various states. The guidelines were very clear. From locking it in the safe when I left the hotel room to not leaving it in my car. While it's less likely that someone would show up at a bar with a laptop, this is outright out of the question. Regardless of how lax their security measures are you might misplace a phone while drinking so don't bring it drinking! If you want to or accidentally take it drinking, you're accepting the risks.

It'd be hard for me to imagine that Apple -- the pseudosecretive company that it is -- wouldn't have stringent policies in place. Still, firing Powell would look less than heartless. I'd be shocked if any company as big as Apple didn't have such policies explicitly spelled out.

--
My work here is dung.
1. Re:Too Bad We Don't Know Apple's Policies by Monkeedude1212 · 2010-04-26 03:30 · Score: 3, Interesting
  
  Yeah, I would place him as a mail-room clerk until he proves he can handle sensative information without releasing it to the public.
  You know, we get the occaisonal user who manages to get a trojan or a worm on their computer at work. When we get the request ticket in, first thing we do is remotely check their Browser history and cache. Generally it boils down to a Russian or Korean website that was visitted. In some cases, it gets referred to by a rollover ad on a legitamit web page, so we don't punish them, but there are other times when you see them visitting some chinese news blogs about a hundred times a week. In this even, we walk over, unplug everything, and take the tower away, telling them we need to clean it ASAP and we don't want to risk spreading the infection. You or I would know this is highly unlikely, I've never encountered malware that has spread to a network drive, but I wouldn't put it past black hats to do such a thing if they wanted. Then we spend the next day or two cleaning the machine. Yeah, it usually only takes a few hours, slave it on our AV machine. But the idea is to teach them a lesson about visitting those websites. After they've been without their computer for a couple days, we tell them where they got the virus from, and warn them not to visit those sites.
  It appears to be working.
  The only other situation of security we've really come across was some guy in another department who clearly knew a bit about computers. He managed to tunnel into his own VPN to get past our firewall to run bittorrent and download movies, which he burned onto disc and was selling them apparently. When the IT manager, (My Boss) found out he went into quite a fit, launched a full IT investigation of the whole building, and in the end, so many people in that department were found to be visitting sites they shouldn't be, that half the department was canned.
  I think it was a little overboard, but I guess the message was very clearly sent and recieved, that building has had no problems ever since.
2. Re:Too Bad We Don't Know Apple's Policies by Bing+Tsher+E · 2010-04-26 05:10 · Score: 3, Insightful
  
  Yeah, I would place him as a mail-room clerk until he proves he can handle sensative (sp.) information without releasing it to the public.
  That's sort of ironic, given that the job responsibility of a mail-room clerk is to handle sensitive information while releasing it to the public.
STOP ADVERTISING FOR APPLE by Anonymous Coward · 2010-04-26 03:27 · Score: 5, Insightful

Please stop these stupid articles about someone fucking up or planting a phone.
Stop it.
Stop advertising for them.
Re:Fired and sued by IndustrialComplex · 2010-04-26 03:28 · Score: 4, Insightful

There's only one way to take care of someone who leaks mission critical information.
First you fire them. No sense in keeping them around if they are going to fuck up like that.
Next you sue them for major damages. Make an example out of them.
Since a corporation has no way to punish someone with actual jail time, the next best thing is to make sure people think twice before making big mistakes again.
Then you wonder where all the job applicants went.

--
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
Re:Fired and sued by timeOday · 2010-04-26 03:39 · Score: 3, Interesting

Next you sue them for major damages. Make an example out of them.

In this case, what are the damages exactly?
For Now by FreeUser · 2010-04-26 03:40 · Score: 3, Insightful

Apple's got no trouble attracting applicants.
They might do, if they continue to grow a reputation for Stasi style tactics and policies that make Orwell look like an optimist. Which firing and suing this guy would certainly do.
How far Apple is from the tipping point of going from "a cool place to work" to "last chance saloon for those desperate enough and unable to get work elsewhere" is an open question, particularly in today's economy. But one thing is certain...they are closer to that point now than they were two years ago, and will be a whole lot closer still if they act in a vindictive manner toward a guy who simply made a mistake any of us could have made.
After all, who hasn't lost a cell phone at least once in their life? (A good reason to never volunteer to test prototypes, especially if your lifestyle includes the occasional pub visit)

--
The Future of Human Evolution: Autonomy
Re:Fired and sued by baKanale · 2010-04-26 04:00 · Score: 3, Insightful

Since a corporation has no way to punish someone with actual jail time
Because a world where that happens is a world I'm sure we'd all fucking love to live in.
Re:Lessons unlearned... by Yvan256 · 2010-04-26 05:47 · Score: 4, Funny

But the multitouch screen understands pinching! That would be a waste!