Slashdot Mirror
Judge: No Privacy Expectations For Data On P2P Networks
An anonymous reader writes "A federal judge in Vermont has denied a motion to suppress evidence filed by three defendants in a child porn case. The three had alleged their Fourth Amendment rights were violated when police used an automated P2P query-response tool to gather information from their computers. That information subsequently led to their arrest and indictments. The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data."
nothing has ever been private on the internets.
... and shut case. Nothing to see here, move along.
So when AT&T made their iPhone subscriber list "available for public download" that implicitly gave people on the internet permission to access this private information? Oh wait, they sentenced Weev to jail time for that. I'm so confused.
And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.
Silly peasant, aristocracy have their own set of laws and courts.
"made the information available for public download..."
That is an interesting ruling. On that basis, all sorts of things would become legal.
If you run a service on the internet, you have no expectation of privacy of the data you serve. That sounds reasonable enough. But why then was weev imprisoned for downloading data from a publically facing web server?
If weev can be imprisoned for computer hacking by using a publicly facing server in ways not intended by the owner, why aren't the police here facing similar charges?
Give me Classic Slashdot or give me death!
The ruling is on, "made the information available for public download on a P2P network" there are plenty of private p2p services. If you make your information available to everyone then of course the police don't need to go through red tape to get that information. Non-story
/* TODO: Spawn child process, interest child in technology, have child write a new sig */
And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.
Kiddie porn pirates are not the problem, the problem are all the people involved in the production. If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.
When information is power, privacy is freedom.
my privates have been on the internet.
That is completely unrelated, that was a leak of information that was agreed to be held private by the contracts you agree to as a subscriber of their services. That guy essentially hacked the AT&T network. Yes it was their derpy techs who left the interface remotely accessible but just because you have the ability to obtain information does not mean you should and does not mean its legal. In this case they implied consent of making their information public by using that network, an AT&T customer did not imply consent of their information being made public.
AT&T iPad leak = Security Vulnerability Exploited
This = Disgusting pervs who are too lazy to use vpns and other means to hide their information
It would potentially mean it could be used as evidence against people without a search warrant. It certainly mean it could be used as evidence against AT&T if it showed evidence of a crime since they were the ones who made the mistake.
If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.
I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.
In this case they implied consent of making their information public by using that network, an AT&T customer did not imply consent of their information being made public.
AT&T implied consent of that information being made public by not implementing any sort of authentication. From TFA:
Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.
Give me Classic Slashdot or give me death!
I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.
I think the take-away here is that the MPAA and RIAA are steadfast in their support of kiddie porn producers.
When information is power, privacy is freedom.
by this line of legal reasoning ..
it would be reasonable to assume this federal judge would/should hold the same legal opinion for copyright and intellectual property claims for similarly posted and freely downloadable material ..
you're an idiot, these dummies specifically shared kiddie porn onto p2p networks from their computers and the cops only trolled that data that was shared out
you want privacy, close your door
IANAL, but there comes a point when every law reduces to some arbitrary judgment call. If I leave a box of donuts open in my closed (but not locked) office, I might expect coworkers not to eat any. On the other hand, leaving the same box of donuts in the break room makes that assumption unreasonable. In both cases, there is absolutely nothing stopping coworkers from getting to the donuts; society has decided that putting the donuts behind a door makes them my property, whereas putting them in the break room makes them everybody's.
Making something available via a Web server with no authentication is a bit like leaving the donuts in my office. Unless you checked, you wouldn't know they were there; I wasn't advertising their whereabouts. And even if you somehow knew they were there, the fact that I'm not advertising means that the social contract prohibits you from going and getting them without asking. The P2P network is a lot more like the break room - maybe you didn't know the social convention, but that doesn't suddenly mean you're entitled to complain about it. Learn from your mistake and move on.
I don't think you understand what Auernheimer did. The database wasn't "available for public download" It was exposed due to poor design and poor security. This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
I was just thinking that. Right on the money sideslash...
The entire intent of P2P sharing is "HEY GUYS I HAVE THESE FILES"
The intent of ATT wasn't "HEY GUYS I HAVE ALL THESE CUSTOMERS".
Are you saying that the pervs (I agree with the term if they are really users of C.P., which I don't know) were offering use of their p2p sharing resources for all purposes, including for law enforcement access? Because the way hacking laws are applied, the judge pays attention to the intent of the "maker-available" and not just to the question of whether it was published on the internet.
AT&T made their list available, the pervs made their media available. AT&T didn't want Weev to access (other people's) records. The pervs didn't want law enforcement to access their media.
It's not so different.
Weev took advantage of a poorly secured access on their part. That is hardly the same thing as putting something on a peer to peer network. It's akin to saying that just because someone secured their house with screen doors that they were okay with people taking their contents.
Now you can fairly criticize AT&T for poor security, and you can certainly criticize Weev for taking their data and publicizing it, but try to keep the criticism grounded in reality, eh?
IANAL, but there comes a point when every law reduces to some arbitrary judgment call.
A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently.
This discrepancy only demonstrates to what degree justice is lacking in the US. Justice is blind, but in the US corporations like AT&T get special treatment under the law.
Give me Classic Slashdot or give me death!
Weev took advantage of a poorly secured access on their part.
And the police here took advantage of poorly secured access on these guys P2P program. The only evidence that these guys intended to share this data is that the data was shared. The same evidence exists for AT&T's data.
It's the exact same thing.
Give me Classic Slashdot or give me death!
A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently
That's an opinion. Another opinion is that these are two different kinds of services intended for two different kinds of uses. In the donut example, one might hold the opinion that all company tables are behind some company doors; ergo, there's no difference between donuts in your office and donuts in the break room. That's a valid opinion, but possibly not a widely employed social convention. I suggest that this case is analogous.
The database wasn't "available for public download"
It most certaily was. Because the public did download it.
This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.
And what is the purpose of a web server?
Give me Classic Slashdot or give me death!
False analogy. This case is not controlled by copyright law. This is a fourth amendment case. Those two bodies of law have almost nothing to do with each other substantively (yes, there may be fourth amendment implications to how police investigate copyrights, but that's separate from the substance of copyright law). The question here is whether the defendants had a reasonable expectation of privacy in the data, not what they subjectively hoped people would do with it. If you grow weed in an open field, with a sign that says, "Cops don't look!" it doesn't matter that you subjectively intended to exclude police from seeing what was in the field. Your expectation of privacy, if you had any, was not reasonable.
Today's Sesame Street was brought to you by the number e.
If the defendant can make a good case that despite reasonable precautions, his computer was p0wned and he was unaware of it, AND but for the p0wning his files would not have been accessible, then it would be similar to someone claiming to be my spouse letting the cops into "our" house, whereupon the cops found my stash of contraband laying around in plain sight.
I'm not sure what the case law in that situation is, but whatever it is, it would seem to apply to a case like this if the computer were p0wned.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The entire intent of P2P sharing is "HEY GUYS I HAVE THESE FILES"
And if the files were accidentally shared? Then the intent was not there, and the police are commiting the same crime weev was convicted of.
The intent of ATT wasn't "HEY GUYS I HAVE ALL THESE CUSTOMERS".
And we're supposed to read AT&T's mind?
Give me Classic Slashdot or give me death!
Leaving pie on a window sill to cool vs. giving away pies.
If I leave a pie on my window sill to cool, you don't have a right to steal it. That AT&T data sounds like the pie to me.
If I left a pie on a table in front of the house with a sign that said, "free pie for anybody who wants it", and a health inspector came by and cited me for distributing food in an unsafe manner and/or without a permit, that'd be like putting illegal data on a p2p network.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
In other news, the Police also do not need a warrant to attend your public meeting. They don't need a warrant to read the book you published on the rack of the local bookstore. They don't need a warrant to browse around your open store in the local strip mall.
And they don't need a warrant to download data you offered up to any member of the public and browse through it to find incriminating evidence.
Another opinion is that these are two different kinds of services intended for two different kinds of uses.
What exactly is the meaninful difference between the two services? Functionally, they are identical.
That's a valid opinion, but possibly not a widely employed social convention.
You know what is a widely employed social convention? That unauthenticated web services are free to use by the public.
Give me Classic Slashdot or give me death!
(By the way, I'm referring to copyright law in terms of your "make available" argument, not weev.)
Today's Sesame Street was brought to you by the number e.
As I load my gun with 3 bullets.
You telling me your name is slidesash and you like kiddie porn is different than ATT telling people you are slidesash and your account number with payment info is X.
ATT put someone else's info out there. These guys put their own out there.
Shame I don't have mod points (they just expired). Please mod parent up.
I wonder how many of children are spared of abuse because the pervs had their impulses shunned by porn. Imagine if one day we discover that potential serial killers didn't act in the real world because they could express their anger / sadism / whatever in a virtual world, like in first person shooters.
I'm not trying to defend anything, just some food for thought.
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
the opinion linked in the summary is in regards to the deportation of a mr. gupta and has absolutely nothing to do with the case described in the summary.
Are you even aware of the particulars of the script kiddie attack that Weev did to get that data? It wasn't published in any kind of manner where you could get it without prompting for it.
By your logic just because someone has something on a web server they are sharing it with everyone. Let me guess, you think credit cards and health records are fair game too?
That unauthenticated web services are free to use by the public.
That's something of an oversimplification. Certainly, there are many high-profile unauthenticated web services which are intended to be free for the public to use. However, this doesn't necessarily mean that all are. Similarly, there are plenty of closed doors which are perfectly fine for the general public to open (doors to stores, public buildings, hotel lobbies, etc.), while there are plenty of doors that are not.
The difference is also fairly analogous: it's alright to open a door, or access a server, if the existence is advertised and the intention broadcast. Otherwise, by opening the door or using the service, you're opening yourself up to blame. Note that this doesn't apply to the article since P2P software effectively advertises its existence and the use of P2P software implies consent to access the contents... much like putting a "free donuts inside" poster on my closed office door.
This. Apparently Hatta doesn't understand what what Auernheimer did as well.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Didn't South Park have an episode parodying the idea of privacy in a public space?
They don't in the US, which is where Vermont is. They are likely to have better lawyers though.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Are you even aware of the particulars of the script kiddie attack that Weev did to get that data?
Weev wrote a script. In this case the police used "an automated P2P query-response tool". What's the difference?
By your logic just because someone has something on a web server they are sharing it with everyone
If you fail to put any authentication on it, then yes. How else is the web supposed to function?
Let me guess, you think credit cards and health records are fair game too?
If you post your credit card number on a public website, then yes it's totally fair game for me to download that information. Using that information to commit fraud is still illegal of course.
Give me Classic Slashdot or give me death!
It's akin to saying that just because someone secured their house with screen doors that they were okay with people taking their contents.
The problem with all these "crap locks/doors" analogies, is they fail to take into account the fact that the server is playing an active roll in giving me access to items that the owner of the server may or may not want me accessing. I think a better analogy would be a vindictive ex that still has access to your house. In that case, who is at fault? For all I know, the vindictive ex is perfectly within their rights to grant me access.
Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.
Certainly, there are many high-profile unauthenticated web services which are intended to be free for the public to use. However, this doesn't necessarily mean that all are.
The widely employed social convention is that they are.
Similarly, there are plenty of closed doors which are perfectly fine for the general public to open (doors to stores, public buildings, hotel lobbies, etc.), while there are plenty of doors that are not.
Tresspass laws require you post notice.
Note that this doesn't apply to the article since P2P software effectively advertises its existence
How is entering "preteen" into a P2P app any different than entering(e.g.) "http://att.com/db/user=43265" into an URL bar?
the use of P2P software implies consent to access the contents
Using a web server implies consent to access the contents.
Give me Classic Slashdot or give me death!
Whoever this AC arguing with you is, they should really consider reading the summary before digging any deeper.
Specifically, the last sentence, where the judge states that intent has nothing to do with the ruling (admittedly fucked up, but it does technically legitimize weez's access of the files AT&T made public-facing).
An enigma, wrapped in a riddle, shrouded in bacon and cheese
RFTS, dude:
The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data.
"inadvertently made public" == "did not intend to make public."
Intent has fuck-all to do with the ruling; per the judge, what these pervs did and what AT&T did are exactly the same thing.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
You know they had to do spoofing to get that information, right?
In other words, they had to trick(lie to) the server into thinking they where the iPad owner.
If AT&T had simple left a file with all the info in it on a public site that any person could get to it, there would have been no legal consequences for WeeV
The Kruger Dunning explains most post on
WeeV had to lie in order to gain access to the information.,
That's the difference.
The Kruger Dunning explains most post on
I would love to see you try say that to a judge in a court of law with a straight face.
WeeV's script was a spoof to gain access.
"If you fail to put any authentication on it, then yes. How else is the web supposed to function?"
AT&Ts site DID have authentication. WeeV wrote a script to lie about who he was. i.e. spoof.
"If you post your credit card number on a public website, then yes it's totally fair game for me to download that information. Using that information to commit fraud is still illegal of course."
Only if by public you mean anyone can openly connect by design, then you are correct. Just being on a webserver that is used by the public is different.
The Kruger Dunning explains most post on
From TFA, it stated that the defendants had files with the same hash value as known kiddy porn files. Now I know a hash collision is unlikely, but by its very nature it is possible. Since they did not download the file, how can they claim to have probable cause? That's kind of scary...
It doesn't require mind reading to know they don't want to having the files when you have to lie about who you are to get to them.
The Kruger Dunning explains most post on
How many kids got abused because pedos had their impulses inflamed by porn? And found a welcoming community of like-minded people to offer support, encouragement and advice? I think you're looking at this wrong.
You have to post trespass notices in places that otherwise appear public; like posting notices on the boundaries of your undeveloped property where the property line would not be obvious (especially in a place where you don't construct a physical fence, like the woods) .
You do NOT have to post a trespass notice on your front door, or garage door, or shed door, whether you lock them or not. OTOH a visibly-marked store does not have to post a "non-trespass" notice on *their* door. The contexts in the physical world are well understood. In places where it is ambiguous - for example, in New York City there are patios and sections of building lobbies that are legally "public space" in trade for other floorspace (or height), or because there are restaurants/stores inside - the "public access" must be posted.
The context online is still not as well defined, certainly not to non-technical people. The use of passwords would be a clear demarcation.
Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.
Of course their intent was not to incriminate themselves. But their intent was clearly to share this incriminating content publicly with other like minded kiddie-diddlers. Thus they made it public.
Your argument is like saying an illegal drug dealer that sells drugs to an undercover cop can't have the sold drugs used as evidence against him, because his intent wasn't to incriminate himself, but instead to sell the drugs to proper drug users.
Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.
Actually, probably not. There was an access control on the data in the weev case, as I understand it, it was just a brain-dead stupid one: your user agent. Basically, you could only pull the email addresses from the AT&T web server if you were using an iPad.
Which leads me to why I expect the two are legally different: when you put something up on a P2P service, they become searchable and not just accessible. Half of the point behind a P2P service is make it possible to find interesting files, the other is to make it possible to access them.
Due to AT&T's half-assed access control scheme, their files were not searchable by search engines. Which is probably enough to make the two cases legally distinct, but as with all legal speculation as Slashdot, IANAL.
You are in a maze of twisty little relative jumps, all alike.
I haven't read the articles, just the summaries, but I did stay at a Holiday Inn Express last night, so here goes.
There is a significant fundamental difference between these two, as others has tried to express. In the Weev case, he had to figure out how to get to the data which was not directly accessible through normal links. The authorities charged him with hacking since it was an unauthorized access.
In the P2P case, the defendants had placed the files in a location that was both accessible and searchable, which implies consent.
So, by analogy, the Weev case is like a store with a bad push-button lock on the door that takes only a couple digits to open. Making the claim that "anybody could have walked up and entered that combination and gained entry" shows the problem with the "made available" defense for Weev. By that theory, if I guess your bank account password then I haven't broken any laws since anybody who entered the right credentials "could have accessed it". In the P2P case, it is more akin to a store having a public front section and a private back section, and the store owner accidentally put an illegal item in the front section where the police saw it. It doesn't matter that it was a mistake, it was in plain site, and therefore no warrant needed.
>AT&T implied consent of that information being made public by not implementing any sort of authentication.
Oh, yeah, sure, and leaving your front door unlocked is consent to have all of your possessions in your home taken.
Only on /. would a comment like yours be modded to +5, Insightful instead of being laughed out of the room.
It's not a for-profit industry. Certainly, the Catholic priests weren't there for the money.
Stupidly, ATT put legal to possess, but private, information on a public server. Theft of that information still counts. If you left the keys in your car & someone stole it, it's still grand theft auto.
*Disclaimer* I did not read the article. (Anyone surprised)
By claiming that their 4th amendment rights were violated, they basically just pled guilty. The proper defense is "ZOMG some sicko hacked my WiFi!"
...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
If weev had downloaded the info using an iPad, would you then agree with Hatta's point? There would have been no trickery involved in that case.
Nope he was just playing Devils Advocate because we have no way to do a study... Legally, Ethically or Morally. I am not supporting the view either way, just pointing out that it is you who is looking at it wrong by not looking at both sides of the argument dmbasso made.
if anyone is found demonstrably guilty of trafficking child porn, they should be shot. Full stop. We need to take a page from the book of China or Singapore. Monsters deserve no leniency.
The Internet is peer-to-peer, apart from recent end-to-end compromises such as carrier-grade NAT. But as I understand the Computerworld article, it refers specifically to file search and sharing applications run on top of the peer-to-peer Internet.
Weev no more lied about who he was than I'm lying about who I am when I access "http://slashdot.org/~geekoid".
Give me Classic Slashdot or give me death!
I'd say it's worse than that. One can presume that AT&T has hired competent web administrators who go out of their way to make their intents follow through in acts. So, it would seem much more probably that the att.com web server allowing you access to some data is intentional much more than a random ip address of a lone individual on a p2p network meaning you to have access to data. So, I wouldn't necessarily say there is no justice whatsoever in treating them differently. More that when it came to how they should be treated, it was clear that corporations were being backed in their failings through government support and individuals are the first in line to be punished by the government if they ever slip up--as really, a photo distributed on a p2p network could you show you guilty of numerous possible crimes.
But, then, that just shows the social convention that thought crimes need to be punished but corporations need all the support they can because they're job creators. Lo be the day that there is a child porn corporation.
If that drug dealer asked if the cop was a cop and the cop then said no, then yes the cop is at fault and the evidence is inadmissible. now if the Cop is using a patsy to buy the drugs while wired and the dealer asked are you a cop and the patsy said no, evidence is good to go.
The question is then, is the P2P acting as the patsy? Can you expect not to incriminate yourself when downloading questionable material? should there be some sort of privacy on the internet, even with P2P networks. would they have been charged if this was not done on P2P but instead in email or FTP server?
I'm not supporting the pedos here, I'm just looking out for the privacy of all on the internet. Think about your own browsing and ask if you would like that information available to be used against you later on.
AT&Ts site DID have authentication.
Authentication is something you know, have, or are
AT&Ts site did not ask for any of these things. There was no authentication.
Give me Classic Slashdot or give me death!
I wonder how many of children are spared of abuse because the pervs had their impulses shunned by porn.
Not many I suspect. All the porn does is stoke the fires of the perversion. It's a kind of addiction, a progressive disease, not unlike alcoholism. Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough and gets the opportunity.
It's really quite a simple choice: Life, Death, or Los Angeles.
A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently.
An unlocked door is an unlocked door.
An unlocked door to a deli at 2PM should be treated very differently from an unlocked door to a residence at 2AM. They should be treated differently under the law. Context is everything.
Look, let's be a bit sharper and wider about this issue.
I have downloaded many videos based on little more then the title.
My client starts sharing the bits before the download is complete.
How hard would it be to target someone, or to download something misnamed, etc..
With these cases, ask yourself "Could that happen to me or would have at some point" and you start to realize how vulnerable you are to abuse or mistake. And how shitty these laws are at dealing with this.
No, he's asking a valid question. You're asking the equally valid one that needs to be answered at the same time.
Don't stop asking the questions. That way lies tyranny.
So if one allows access to P2P indexers, those people cannot retroactively claim their privacy was violated. Reasonable enough. However, if Google records unencrypted WiFi broadcasts over public spectrum they are guilty of wiretapping? It seems like there's a double standard being applied by the courts.
I am becoming gerund, destroyer of verbs.
Anyone else notice the pdf linked to an 11th circuit denial to rehear en banc, not a Second Circuit district court ruling about privacy? Come on Slashdotters, keep the posters honest.
Might as well face it I'm addicted to data.
A public, unauthenticated internet service is a public, unauthenticated internet service.
Weev did not make a standard query to a server and get information. He had scripts that sent millions of possible imei's to the server to get information for that specific user. He was convicted because he use IMEI's that did not belong to him and therefore masqueraded as the owners of those phones to download the information.
I dislike argument by analogy because it is impossible to create an analogy that exactly mirrors the situation. You end up getting led astray by bad assumptions and features of your analogy that do not match the real situation.
In your case there is a widely known social convention that stuff left in the break room is available for anyone. Actually that's not even reliably true; a lot of workplaces have communal fridges where people put their lunch, and they'll be super pissed if you eat it. But we'll assume it's true for the workplace in your analogy. There is another widely known social convention that stuff in your office is your stuff, and people can't take your stuff. So you can take stuff in the break room and not in someone's office because of the agreed-upon conventions. There is no other reason. It's not some natural law. The part of your analogy that's important is just "follow social conventions".
There is a social convention that websites may be looked at by anyone. I can go to King Abdullah University of Supercool Technology's "Current students" section and read all the links even if I'm not a current student. I can navigate directly to secreteasteregg.whateversite.com even if whateversite doesn't advertise that subdomain. And obviously once I'm there I can read the text that appears on my screen or save it to a file. That's the convention. If you want to restrict access you put on a password. There is a convention against cracking passwords.
Why do some of the biggest legal questions and issues seem to revolve around child pornography prosecutions?
[End Of Line]
You seem confused on the differences between access and authorization. The question in the AT&T case was about authorization. Was the guy authorized to access the things he did? Clearly he could access the data, but was he authorized to do so? If you have my bank credentials you have access to my account, but you do not have authorization to do anything with the account. Yes, you have the ability to do things, but that is nowhere near the same as being authorized.
In cases like that the courts will use a 'reasonable person' test. Would a 'reasonable person' think that AT&T intended that data to be publically available, or did the guy have good reason to know that he was not authorized to access that data (regardless of his ability to access the data)? If there was a link off of att.com, a reasonable person would probably agree that the data was intended to be public and the guy was authorized. If he had to guess at URL strings and such a reasonable person could well conclude that he had no reason to beleive he was authorized.
In this case, there is no question of authorization, only a question of access. The police do not need authorization to access data that has been exposed, intentionally or not.
Video games don't cause people to be violent, nor do they cause them to be peaceful.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
No, they are not. Don't be stupid. Weev was convicted of identity fraud - he was lying about who he was to get access to data he was not authorized to access. The police are not engaged in identity fraud - they are allowed to use different identities.
He had scripts that sent millions of possible imei's to the server to get information for that specific user.
Sure, and if I write a script that sends millions of requests to slashdot.org, from "http://slashdot.org/~a" to "http://slashdot.org/~ZZZZZZZZ", so what?
He was convicted because he use IMEI's that did not belong to him
How is that any different from me accessing "http://slashdot.org/~jklovanc"? I'm using a username that does not belong to me.
Give me Classic Slashdot or give me death!
Weev was convicted of identity fraud
Weev was unjustly convicted.
he was lying about who he was to get access to data he was not authorized to access
He wasn't lying about who he was, any more than I'm lying about who I am when I access "http://slashdot.org/~bws111"
Give me Classic Slashdot or give me death!
I think the notion that CP somehow extinguishes a fire in a pedo, preventing harm, is groundless. It goes against common sense and 60+ years of pr0n research. Extraordinary claims require extraordinary proof. my claim is reasonable and rooted in the common human experience. it is prima facae true.
In cases like that the courts will use a 'reasonable person' test.
I don't see how any reasonable person can determine that a publicly facing web server without any sort of authentication is not free to access. Authentication is how authorization is implemented on the internet. Any other policy will break the internet.
If there was a link off of att.com
How do you know you are authorized to visit att.com in the first place? You submit a query, and see if you get a response. Exactly what weev did.
The police do not need authorization to access data that has been exposed, intentionally or not.
The police need a warrant supported by probable cause to access anything a private individual can not. If it's illegal for weev to use a script to access unprotected files on a web server, it's illegal for the police to use a script to access unprotected files on a P2P server.
Give me Classic Slashdot or give me death!
Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough.
I think we found the solution!
So what kind do you beat it to?
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
While I understand what the judge is saying this ruling is a two edge sword. Basically, there is now precedent that anything on a computer that is connected to P2P gives up privacy. Could the government use a bot to get your tax records or medical records? According to this information, yes. What about another individual, yes, they could too because you effectively made it public by connecting to a P2P network.
Now, how about all of those sites with nude photos of ex girlfriends? Evidently, if while dating and she sent you the picture and your computer was connected to a P2P network, well, those pictures are public, too, at least under this ruling.
Think of a house. Just because the house has windows viewable by the public doesn't mean the public has the right to peer into your house to watch you prance around naked. Why then does a computer which also has the equivalent of a window to the outside world not afford the same protection? Just like there is a difference between a standing naked in front of the window and a peeping tom, there is a difference between being connected to a P2P network and sharing files you choose to share versus being connected to a P2P network and somebody running a bot against you.
It's commendable to try and stop child pornographers. Out of curiosity, if they already suspected the guy, how much more difficult would it have been to get a search warrant to ensure it was a legal search in the first place?
There are so many things that are wrong with the 21st century idea of "peer to peer" (roughly speak: systems like Napster, bittorrent and later, as opposed to "classical" p2p systems like SMTP, NNTP, etc, which most kids don't even really think of as being "really" p2p). And one of them is that you don't know who you're talking to. So everything you do is pretty much out in the open, and you can't really effectively use 1970s-and-later crypto tech (how can youkey exchange without an even half-assed attempt to authenticate?). That whole encrypted-connections checkbox isn't useless, but you shouldn't think of it as being "secure" either. It certainly doesn't do anything to protect you against a real adversary.
This judge ruled correctly, that people on such systems don't have a reasonable expectation of privacy. Whatever expectations they might have had, reason had damn well had nothing to do with it.
Long-term for everyone, it is probably best for privacy, that courts not erroneously start ruling that people doing crazy unsafe un-private things, have a "reasonable expectation of privacy." That can only confuse laymen into thinking insecure things are secure, openly-visible things are private, etc, ultimately playing into the hands of whoever's running the panopticon.
Why has no one mentioned the problems that now arise with using a P2P clone service like DropBox?
I think the notion that CP somehow extinguishes a fire in a pedo, preventing harm, is groundless.
How can you be so sure?
It goes against common sense
Come on, common sense only goes so far... should we kill the witch because she does/doesn't float? Some centuries ago the common sense answer would be "kill her either way".
and 60+ years of pr0n research.
Would you care to point me to this research?
Extraordinary claims require extraordinary proof. my claim is reasonable and rooted in the common human experience. it is prima facae true.
Sure, your claim is reasonable, but I'm not so sure it is true. I didn't claim anything, I just raised a question, which is reasonable as well, not extraordinary at all.
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
Video games don't cause people to be violent, nor do they cause them to be peaceful.
"the researchers found that the playing of such games actually had a very slight calming effect on youths with attention deficit symptoms and helped to reduce their aggressive and bullying behavior."
http://www.sciencedaily.com/releases/2013/08/130826123134.htm
When information is power, privacy is freedom.
That research is so full of biased studies and political experts out to prove a point, I can't figure out what the science actually says. The conclusions are all over the place.
I've seen people argue that porn destroys marriage by causing men to lose interest in sex on the same page that they then argue that porn turns men into sex-crazed rapists.
and 60+ years of pr0n research.
Would you care to point me to this research?
Seems like the opposite to me. They haven't proven that porn reduces incidents of sexual assault, but at a minimum increased societal access is empirically anti-correlated with the rate of sexual assault.
When information is power, privacy is freedom.
Been looking at porn since I was sixteen. Now twenty-eight.
Still a virgin.
I only like the fiction and artwork though, not the real photos and videos. They are just too close to reality for me.
It's not a for-profit industry. Certainly, the Catholic priests weren't there for the money.
It wasn't even an industry since the pedopriests weren't manufacturing kiddie porn, just abusing kids for their own gratification.
When information is power, privacy is freedom.
If you had just one CP file, and it was misnamed, and you kept it on your computer, then you have plausible deniability.
If you saw it and deleted it, the same.
If you have a collection shared, you can't say you didn't know.
It goes against common sense
The Earth may have been considered flat at one point by certain people, and that may have been "common sense" to them; common sense is often not as common as you may think, and it's also often nonsensical. The fact that you claim that something is "common sense" means absolutely nothing and is 100% irrelevant.
60+ years of pr0n research.
That research sounds extremely high quality. You can find studies to validate just about any opinion you have; it means little unless the studies are, you know, scientifically accurate.
Filthy, filthy copyrapists!
...that make it necessary for law enforcement to whittle away at our Fourth Amendment rights. Unbelievable, hiding behind the Constitution with a straight face in order to traffic in child porn. The chutzpah!
Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough and gets the opportunity.
I can spew forth unprovable, nonsensical statements, too. Must I?
Filthy, filthy copyrapists!
All your data is belongs to us, bitches.
I have trouble believing this garbage one way or the other. It's usually either based on subjective criteria or hasn't even been reproduced.
Filthy, filthy copyrapists!
I'm not supporting the pedos here
How many times do people have to make this clear? I don't see the point of doing that. Is the 'for the children' crowd that terrifying to people who are posting over the Internet?
Filthy, filthy copyrapists!
I don't think many judges would be surprised to see someone spewing forth (what is presumably perceived by you as) nonsense with a straight face; they do it all the time.
Filthy, filthy copyrapists!
No. The phone I'm typing this on is not like the Slashdot server cluster. That's client-server, like most internet activity.
Slashdot.org and CNET.com are peers. Note they don't communicate, there's no peer-to-peer communication.
Sure some elements of the infrastructure involve peer communication.
America has a very visible easily confirmed two tiered justice system.
I was a virgin until I was 27. Hang in there!
Sure, and if I write a script that sends millions of requests to slashdot.org, from "http://slashdot.org/~a" to "http://slashdot.org/~ZZZZZZZZ", so what?
Nothing and it should be prosecuted as well.
How is that any different from me accessing "http://slashdot.org/~jklovanc"?
It is different because that information is readily available to anyone who reads this site. An IMEI on the other hand is not widely known. There are billions of possible IMEIs and guessing at them was seen as a deliberate attempt to circumvent security. It is very similar to brute force cracking a password.
and 60+ years of pr0n research.
Would you care to point me to this research?
Seems like the opposite to me. They haven't proven that porn reduces incidents of sexual assault, but at a minimum increased societal access is empirically anti-correlated with the rate of sexual assault.
In what society?
IANAL, but there comes a point when every law reduces to some arbitrary judgment call. If I leave a box of donuts open in my closed (but not locked) office, I might expect coworkers not to eat any. On the other hand, leaving the same box of donuts in the break room makes that assumption unreasonable. In both cases, there is absolutely nothing stopping coworkers from getting to the donuts; society has decided that putting the donuts behind a door makes them my property, whereas putting them in the break room makes them everybody's.
Making something available via a Web server with no authentication is a bit like leaving the donuts in my office. Unless you checked, you wouldn't know they were there; I wasn't advertising their whereabouts. And even if you somehow knew they were there, the fact that I'm not advertising means that the social contract prohibits you from going and getting them without asking. The P2P network is a lot more like the break room - maybe you didn't know the social convention, but that doesn't suddenly mean you're entitled to complain about it. Learn from your mistake and move on.
There's something missing in this argument though:
Your donuts aren't equivalent to the illegal kiddie porn; they're more like a cool home movie that was accidentally shared (say, by the misconfiguration of software, or a misunderstanding of the system at hand). Instead, say it's a kiddie porn magazine you have in your office. If someone noticed this by peering into your office and then subsequently reported you to some authority, then the two situations become equatable. You still messed up and got caught, anything else is really moot at that point: the kiddie porn doesn't need to be in the breakroom for you to be in trouble.
Weev was convicted of identity fraud
Weev was unjustly convicted.
he was lying about who he was to get access to data he was not authorized to access
He wasn't lying about who he was, any more than I'm lying about who I am when I access "http://slashdot.org/~bws111"
But "http://slashdot.org/~bws111" is a public website. Other peoples AT&T information was not meant to be public. You keep saying that it was somehow unjust for the court to make this distinction, but even Weev knew there was a difference else why would he have gone to the media with all the data if he thought it was meant to be public?
Besides, Weev was convicted for guessing other people's IMEI numbers and sending them to the website to obtain the details, thus falsely representing that he was that user. He was not convicted for any privacy aspects.
This is what you get when you have judges who think obviousness is using technology to go directly to a site to look at something that needs to be translated from binary code. It's non-obvious the minute you have to use something or do something to see it. Notice the slippery slope we're on. Ah fuck it, we're half-way down a cliff by now anyway. There's also context but not much.
celle
"Due to AT&T's half-assed access control scheme, their files were not searchable by search engines. Which is probably enough to make the two cases legally distinct, but as with all legal speculation as Slashdot, IANAL."
Well that's half-assed reasoning. Did you not notice it was on a public access website.
my claim is reasonable and rooted in the common human experience. it is prima facae true.
And yet you can offer no evidence at all. He didn't say it "extinguishes a fire"; he implied that it allows a release that would exist otherwise without causing harm.
As a back-of-the-envelope sanity check, access to porn over the past 30 years has skyrocketed in the US. I mean, you used to have to go to seedy porn stores to get it and now anybody with an Internet connection can literally get more porn that they could every possibly consume, tailored to practically any niche they want. If it was positively correlated with sexual assault, it seems like we should be seeing it in the numbers by now.
So where's the data? It's not like this is an abstract thought experiment.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
If they downloaded the content directly, yes, but they can always argue someone placed it there, and law enforcement/prosecutors would have to prove they directly downloaded it for there own viewing.
"""The judge held (PDF) that the defendants had either ---inadvertently---, or otherwise,""""
Your poster argument makes no sense, you could be someone that is fighting against abuse and use the poster to make people aware of the problem and to start a conversation. That is a far cry from hanging a fully nude child on your wall and being dumb enough to open the doors to anyone.
The other argument is people are being arrested and charged from having pictures of there children taking there first steps or there first bath ect, nude. So between the shit for brains media and the shit for brains citizens that report, and believe what they do not know, anytime someone is charged for child porn you automatically judge they're guilty.
I refuse to argue with ninnys and the deliberately obtuse.
Did I miss the obvious explosion in rape statistics? Do you have a secret data stash somewhere? Are you sure that everybody being "deliberately obtuse" isn't just looking at the world as it is rather than as you imagine it is?
Hint: When the results of a thought experiment conflict with the results of an actual experiment, the actual experiment wins.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Close the thread, we have clear loser. "How come people foe me all the time but nobody friends me?" LOL, quite fitting
2012 Rape Levels in US at Record Levels
So what am I missing, aside from the fact that I might be a big fat stupid head?
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
You also appear to be refusing to admit that you could - however unlikely that may be - be wrong. That's not a good attitude to adopt.
You'll also being a bit of a douche, again.
systemd is Roko's Basilisk.
Better to remain silent and be thought a fool than to speak out and remove all doubt.
systemd is Roko's Basilisk.
Not many I suspect. All the porn does is stoke the fires of the perversion.
Would you admit, though, that it's possible that for some individuals porn may in fact reduce the risk of offending?
Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough and gets the opportunity.
Are you talking about a particular kind of porn, or just porn in general?
systemd is Roko's Basilisk.
Protocols have no human interaction, so there is no "lying" going on. Either your data is meant to be public or not, as defined by your settings. If your settings are to share your data with the world, then no warrant needed.
I think the notion that CP somehow extinguishes a fire in a pedo, preventing harm, is groundless. It goes against common sense and 60+ years of pr0n research. Extraordinary claims require extraordinary proof. my claim is reasonable and rooted in the common human experience. it is prima facae true.
I foresee a future in politics for you. You certainly have their understanding of logic and the scientific method.
Entirely different thing.
Leave it available for public download and the police can find it and use it for evidence, if they find a crime. That doesn't mean the general public can copy it legally. That doesn't mean the police can copy it, except as part of gathering evidence.
The police have certain powers of gathering evidence, but they cannot legally violate privacy to do that, and hence any evidence gained from such is inadmissible in court. The ruling was that stuff available for public download doesn't count as private, and therefore that the police can legally look at it without a search warrant.
It's like the difference between shooting up in your own bathroom and on your front yard. One is private, and the police need a warrant to see it. One is public, and a passing police officer may act based on what he or she sees.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I don't see how any reasonable person can determine that a publicly facing web server without any sort of authentication is not free to access
Acknowledging that you don't understand something is the first step towards wisdom.
Clearly, several reasonable people did determine that that sort of access was illegal. (Defining "reasonable" as "agreeing with me" is stupid.) Apparently, Weev needed to know the number of an iPad to get into the system. That's not normally public knowledge. Therefore, it's authentication. It's crappy authentication, but it still counts. A similar exploit would be to have a script to try to log into people's accounts by trying common passwords.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Um... how to put this?
No.
You're asserting prima facie evidence, which requires extraordinary proof in and of itself. So, where is it?
Don't give me that crap about common sense. Trial lawyers have lost cases too many to number because of that kind of specious assertion.