Blogger Fined €3,000 for 'Publicizing' Files Found Through Google Search

mpicpp points out an article detailing the case of French blogger Olivier Laurelli, who had the misfortune to click links from search results. Laurelli stumbled upon a public link leading to documents from the French National Agency for Food Safety, Environment, and Labor. He downloaded them — over 7 Gb worth — and looked through them, eventually publishing a few slides to his website. When one of France's intelligence agencies found out, they took Laurelli into custody and indicted him, referring to him as a 'hacker.' In their own investigation, they said, "we then found that it was sufficient to have the full URL to access to the resource on the extranet in order to bypass the authentication rules on this server." The first court acquitted Laurelli of the charges against him. An appeals court affirmed part of the decision, but convicted him of "theft of documents and fraudulent retention of information." He was fined €3,000 (about $4,000).

Hacker??!!

[bogidu]

You fsckup your own security then blame the guy for accessing and republishing something you posted for the world to see?! Stupid bureaucrats.

Re:Hacker??!!

French law and government is just simply fucked. There really isn't a better word to describe it.

They try to legislate all kinds of stupidity and it nearly always backfires on them. Just take a look at all the laws they've passed to improve employment in their country. Laws that fine employers for layoffs (guess how that turned out? Hint: all sane companies just laid off a bunch of people before the law came into effect and have less desire to hire anyone else), price fixing of books in a futile attempt to save bookstores, taxing the shit out of any company in an effort to fund a spendthrift government, it goes on and on.

http://globaleconomicanalysis....

The constant meddling has driven so many companies from their country, it just puts them in the hole even further. Speak out against any of the stupidity and rather than attempting to smarten up, they'll try to fine you. What a disaster. It's no surprise they came up with this dreadful verdict.

Re:Hacker??!!

What the fuck is it with autistic geeks, seriously?

Technology is not the law. Technology is not social protocol.

Just because you CAN do something, it doesn't mean it's okay to do it. This creates a horrible survival-of-the-fittest arms race techno-bureaucracy where values are absent.

In particular, if the door is unlocked, that doesn't mean you can walk into the building and take photocopies of everything you find there, then publish the documents.

Although, unless I'm misunderstanding, the French appear to allow convictions on appeal, and to have recently reduced the number of jurors by 3 in all jury proceedings "to save costs". These are IMHO serious problems with the French judicial system.

Re:Hacker??!!

[presidenteloco]

Hey!

The world wide web was designed to make accessible via hyperlinks (URLs) a whole bunch of documents / generated content. Key word being accessible. If someone is stupid enough to put documents intended not to be public on the public world wide web, that's their issue.

It is not a transgression on the part of the person who used the URL to access the content, doing nothing more than the technology is explicitly designed to do.

This is just another example of judges who got an A in social studies and a C in technical subjects making asinine rulings about use of technology they don't understand.

Re:Hacker??!!

[icebike]

Just because you CAN do something, it doesn't mean it's okay to do it. This creates a horrible survival-of-the-fittest arms race techno-bureaucracy where values are absent.

In this case, when a PUBLIC agency violates their own security protocol, and turns over all its internal documents to the internet, it means EXACTLY that it is OK to do so.

Your analogy of walking into an unlocked office fails the sniff test. (not to mention the stupid analogy test).

He did not break. He did not illegally enter. There was no door. He didn't deprive them of anything. The documents might as well have been stacked neatly in the public park, with signs and arrows pointing to the juicy bits.

The government agency already published the documents.

Re:Hacker??!!

The world wide web was designed to make accessible via hyperlinks (URLs) a whole bunch of documents / generated content. Key word being accessible.

HTML was designed as a hypertext markup language, and the web evolved around it. It wasn't designed for everybody to be able to access every document, and it certainly wasn't designed for everybody to be able to republish every document. Even if it was, that doesn't mean it has to be used that way.

If someone is stupid enough to put documents intended not to be public on the public world wide web, that's their issue.

Even if somebody is stupid, they don't lose the protection of the law. Again, this isn't some weird fascistic "might is right" country.

It is not a transgression on the part of the person who used the URL to access the content, doing nothing more than the technology is explicitly designed to do.

Repeat of incorrect origin; repeat of origin fallacy.

This is just another example of judges who got an A in social studies and a C in technical subjects making asinine rulings about use of technology they don't understand.

Well, as someone with an LLB (England+Wales), an MSc in mathematics, and a computing bachelors, I'm fairly sure I understand the difference between technology and the law. And I bet the judge you're prejudging does too. There are a lot of judges with a biased axe to grind, and a few who are outright corrupt, but not many at all are dumb - this is something the activist layperson doesn't like to acknowledge, because surely someone who disagrees with you has to be thick? Wrong. Same thing applies to the legislators, fwiw.

Re:Hacker??!!

[presidenteloco]

Ok I'l give you another analogy.

This is pretty much like leaving a stack of pamphlets on a table in a train station, then arresting those who pick one up for possession of classified material.

I can't make it any clearer: Content that is behind a URL in a publicly searchable server directory, with no password or secure session protection, has been placed in plain sight in public. There is no fault in accessing it, nor in republishing it (posting the pamphlet on the door of your house) unless it contained an explicit copyright restriction statement.

Re:Hacker??!!

In this case, when a PUBLIC agency violates their own security protocol,

What the fuck has its being "PUBLIC" got to do with it? Maybe you're making parochial assumptions about licensing of government documents.

He did not break.

Straw man - "unlocked office"

He did not illegally enter.

Straw man - It's not the entering that's relevant - in many countries, trespass isn't illegal anyway.

It's about the duplicating of the documents located in a private place, and the republishing.

He didn't deprive them of anything.

Straw man - nobody mentioned theft.

The documents might as well have been stacked neatly in the public park,

False analogy - they weren't located in a public place.

with signs and arrows pointing to the juicy bits.

False analogy - signs and arrows are explicitly created and would imply an intent to draw attention to "the juicy bits". A search engine link merely implies that the spider crawled to or (in rare cares) guesstimated a particular location accessible to the spider.

And not even signs and arrows would imply permission to republish.

Re:Hacker??!!

[icebike]

In the absence of any keep out signs, (there weren't any), even in France, public items are for free for public consumption.

The only strawman around here is you, and you seem to have most of it in your head.
This guy did nothing wrong. The documents were freely available on the web. There was no security on the site, and no copyright on the documents.

As he states on TFA:

Through a Google search which strictly did not have anything to do with ANSES or with public health, I found myself in the ANSES extranet. Simply by clicking on a search result.

First observation: there are a lot of documents freely available here.
Second observation: they speak about public health.
Third observation: L’ANSES is a public establishment.
Question: Is it that this ought to be public?
Response: (too) obvious at the time: yes.

And he was acquitted!!! But an embarrassed agency appealed..

Re:Hacker??!!

Hey!

The world wide web was designed to make accessible via hyperlinks (URLs) a whole bunch of documents / generated content. Key word being accessible. If someone is stupid enough to put documents intended not to be public on the public world wide web, that's their issue.

It is not a transgression on the part of the person who used the URL to access the content, doing nothing more than the technology is explicitly designed to do.

So people who download copyrighted movies illegally need not worry since it is only the person who put it up there that is responsible?

Re:Hacker??!!

[LoRdTAW]

The mistake he made was knowingly publish documents that didn't belong to him and which he knew weren't supposed to be publicly available. If you read the article, the only information the authorities had in the beginning was that someone had documents they should have had and that the IP address used to access them was foreign (Panama, because of his VPN). They then traced that back to him which looked awfully suspicious. They had no idea he simply stumbled upon them through a Google search. So at first they were sure they were hacked, they didn't realize the link was right out in the open. The problem was sorted out but he still did the wrong thing by publishing documents that didn't belong to him. That is why he was fined. To me, its a fit punishment. He meant no harm but he knew he shouldn't have done what he did.

He even admits he did the wrong thing:

First observation: there are a lot of documents freely available here.
Second observation: they speak about public health.
Third observation: L'ANSES is a public establishment.
Question: Is it that this ought to be public?
Response: (too) obvious at the time: yes. ...I did it wrong.

Re:Hacker??!!

[Golddess]

In particular, if the door is unlocked, that doesn't mean you can walk into the building and take photocopies of everything you find there, then publish the documents.

This isn't an unlocked, unsupervised door to a building, this is your crazy ex who still has a valid key holding a garage sale while you are out of town. The people perusing the contents of your home looking for items to take/buy didn't know the crazy ex did not have the right to let them in.

Re:Hacker??!!

In a sane world, yes. You go after the people illegally distributing it, not the people receiving it.

Re:Hacker??!!

[gl4ss]

but there is no warning, no separation between the files they wanted people to read and the files they didn't want people to read.

I can't just post nekkid photos of myself on a publicly accessible and indexed web page and then start suing people when they mock me for them...

Re:Hacker??!!

[dnavid]

In the absence of any keep out signs, (there weren't any), even in France, public items are for free for public consumption.

The only strawman around here is you, and you seem to have most of it in your head. This guy did nothing wrong. The documents were freely available on the web. There was no security on the site, and no copyright on the documents.

As he states on TFA:

The article has an update posted:

UPDATE: Laurelli ended up admitting in testimony that when he found the documents, he traveled back to the homepage that they stemmed from and found an authentication page. This indicated that the documents were likely supposed to be protected. That admission played a part in his later conviction in the appeals court.

In other words, he admitted to the court that he deliberately attempted to determine if the documents were intended to be publicly accessible or not, and had determined *to his own satisfaction* that they were likely not intended to be made public. That's probably why he was not acquitted on the basis of the documents being public. They were, to an uninitiated person. But Laurelli actually knew what he was doing and admitted to the court that he himself believed the documents were not intended to be publicly accessible. So while he thought they "ought to be" public, he also knew they were not intended to be. So by his own admission, he had the requisite intent to steal them from people who did not want them taken.

It seems the lower court acquitted him because all they knew was he got the documents through a public search, and did the right thing by acquitting him. And the appeals court also did the right thing in upholding that acquittal. What they convicted him of was the different crime of retaining and disseminating those documents *after* he realized they were not intended to be public.

Re:Hacker??!!

[TapeCutter]

and no copyright on the documents

Copyright is automatic, you don't need to state it explicitly for it to apply. That's why downloading movies from TPB is perfectly legal but redistribution without permission is not.

Re:Hacker??!!

[icebike]

and no copyright on the documents

Copyright is automatic, you don't need to state it explicitly for it to apply.

Really? Can you quote me the exact chapter and verse of French Law that makes this true??

Re:Hacker??!!

Hey dumbshit - if someone posts something out in the open, then guess what, they WANTED YOU TO READ IT, DOWNLOAD IT, ETC.

If they didn't, they wouldn't leave it out in the open.

If someone leaves their blinds open and you see them doing something normal people wouldn't want you to see, doesn't make you a peeping tom, makes them liable for indecent exposure.

Now, can you tell the difference between intent and stupidity? Can the laws differentiate? Nope! So if it's there, it was intended to be available for download, period.

Re:Hacker??!!

[Wycliffe]

It's insane to try to prosecute the downloader. My 6 year old loves to watch youtube videos.
Alot of the words she knows how to spell like 'dora' and 'mickey mouse' are copyrighted.
How is she (or her grandma or anyone else) suppose to know that video A is ok to watch
but video B (which youtube is still getting ad revenue from) is copywrited and illegal.
Honestly half the time I can't even tell. I assume that full length movies on youtube
(yes there are quite a few, my kids stumble upon them all the time) are illegal but youtube
does a terrible job of enforcing it on all but the most popular movies and there is tons
of gray area as I'm assuming some of the shows like the disney ones are probably
actually licensed but then again even some of those have poorer quality and might
be bootleg. Prosecuting the downloader especially if the provider is someone like
google or youtube is like prosecuting someone because walmart sold them a bootleg
dvd.

Re:Hacker??!!

Response: I did nothing wrong (tftfy)

It was open to the public.
It was accessible by the public.
It was public information.
It was for the public to consume.

Therefor it was not wrong to release it to the public in a form that drew more public awareness to it.

Otherwise if no one saw it, some day down the road, when asked why this entity didn't publicize the information, they could say "But your honor, we did - no one read it or downloaded it, but it was there, and available"

Re:Hacker??!!

[Wycliffe]

That's why downloading movies from TPB is perfectly legal but redistribution without permission is not.

Downloading from TPB can still get you in trouble if you are using a normal bittorrent client.
Bittorrent does tit for tat swapping so unless you set it to leach mode (which will all but kill your transfer speed)
then by just using bittorrent to download a movie you are helping to distribute it.

Re:Hacker??!!

[pete6677]

I don't understand why every business doesn't just pull out of France altogether. It can't be worth staying in a place where the government does everything in the absolute dumbest way possible. Whenever I hear of American government stupidity stories I remind myself that at least I don't have to live in France.

Re:Hacker??!!

[noh8rz10]

It's fundamental to all of Europe, and a huge freaking problem. Look at Amanda Knox – interrogated without a lawyer, tried twice for the same crime, and convicted without being present in court. Thank goodness we have the Bill of Rights! Those founders really thinking something good two hundred years ago.

Re:Hacker??!!

What kind of idiot lawyer did this kid have?
Why was he even talking to anyone?
I thought by now everyone would know that you should never say anything.
If you don't say anything they can only use what they have.
What you say can only make your position worse.
Ideally admitting to something would make things better, but the reality is that it doesn't
The only time to talk is if you have a deal whereby you get a reduced sentence for admitting to things you didn't do.
And remember you didn't do anything and you didn't know anything.

Re:Hacker??!!

[Sarten-X]

This is pretty much like leaving a stack of pamphlets on a table in a train station, then arresting those who pick one up for possession of classified material.

That's pretty much exactly how classified material works. It doesn't matter how you got the information, or even whether you should have access to it. What matters is whether you followed proper security procedure with it, including labeling.

It's strict by design. Otherwise, a spy could copy classified information, remove the labeling, and just leave the information on a table for an accomplice to pick up. That accomplice could then undertake the risky operation of transporting the documents, but with little risk of a provable criminal prosecution. After all, he has a plausible defense of pleading ignorance.

Re:Hacker??!!

[Sarten-X]

Chapter I of the French Intellectual Property Code, apparently. From a Google translation, it seems to state explicitly that the mere act of creation invokes copyright protection.

Re:Hacker??!!

[icebike]

But does it apply to government employees?

Re:Hacker??!!

[Chas]

Thing is. In the US you can be tried twice for the same crime. It all depends on how far the prosecutor (and you) want to push things. This is what various appeals courts, all the way up to the Supreme Court are.

In the US, you can be convicted in absentia as well. Take Andrew Luster as an example.

Also, you CAN be interrogated without a lawyer present. Reread the Miranda Warning again.

- You have the right to remain silent when questioned.
- Anything you say or do may be used against you in a court of law. (Modern readings have can and will in place of may)
- You have the right to consult an attorney before speaking to the police and to have an attorney present during questioning now or in the future.
- If you cannot afford an attorney, one will be appointed for you before any questioning, if you wish.
- If you decide to answer any questions now, without an attorney present, you will still have the right to stop answering at any time until you talk to an attorney.
- Knowing and understanding your rights as I have explained them to you, are you willing to answer my questions without an attorney present?

Nothing in there says they CANNOT interrogate you without an attorney present. Merely that you have the right to demand that one be present.

Maybe this makes me come off as a pedantic asshole. But before casting aspersions and talking about how GREAT you have it here...

Oh, and maybe talk to Cassandra Feuerstein about her treatment while in custody:

http://chicago.cbslocal.com/20...

Re:Hacker??!!

[Redmancometh]

Yeah this isn't a "door was left open" scenario. That scenario is more comparable to network infrastructure without a password on it like ssh. There is a door, but it's been left unlocked. This wasn't even a house (private network) this was a public place.

In the scenario we're talking about the object was both left in a public place and said public place was referenced in another. I can't think of anything analogous to the real world, but real world analogues only cloud judgement.

The bottom line is this had to be in a directory literally called "public_html" or the equivalent for IIS/Nginx. This folder, and it's contents, are shared with everybody. Not only that, but the URL was advertised in an unspecified public place. This URL was also indexed by google.

Further there were 7GB worth of files..plural..so directory listing was on. This is DIRECT EVIDENCE that the French prosecution/government is simply spinning things.

"In their own investigation, they said, "we then found that it was sufficient to have the full URL to access to the resource on the extranet in order to bypass the authentication rules on this server."

Obviously he didn't need the full URL if he was able to wget 7 gigs worth of text and/or pdf files. If he was able to download the entire directory there was no authentication mechanism to be bypassed, and the only offense by the French government is farcical. This has a double impact, as it also proves this was conclusively NOT an extranet by definition.

So if I was the defense I would say:

1) The "open door" example is intentionally (and obviously) misleading and biased, and that's probably the exact analogy they used. It seems like that analogy gets used in all court cases.
2) There is clear intent by the person who designed the server to make said documents public information. The intent is proven by a very simple fact: the site has been crawled by google. Without a robots.txt google will not crawl your site (at least these days.)
As this file must have been created and configured intent couldn't be any more clear.
3) To further prove the intent of the French administrator the files were (most likely willfully and knowingly) placed in a directory specifically marked for sharing files.
4) Laurelli never bypassed (or even provably encountered) any authentication mechanism whatsoever.
5) The French government's argument is non-unique as these documents were already made "public for advertising or promotional purposes" when indexed by google, and this claim is supported by google's own mission statement:

google's mission is to organize the world’s information and make it universally accessible and useful."

google's mission statement (by it's own admission) is to make the world's (what they choose..via indexing) information universal. This is obviously for promotional purposes of google and would fall neatly into the definition of "publicizing." So by crawling google announced their intent to publicize the documents, and by indexing said documents as step 1, we have both a provable intent and provable action moving towards publicizing the documents at hand. The next step in publicizing after indexing is of course to wait for users to access and share the content. This is exactly what my client did (teehe I couldn't resist).

In summation it is very clear cut that there is indeed only 1 victim here...but there are 2 villains in this story. The first (and lesser at least under French law) was the network engineer/admin who either misrepresented his/her ability, got lazy, or was grossly negligent.

The second, and greater villain, and the true perpetrator of this crime was google. For the intent of gaining profit using the French government's documents (which google indexed to grow their search database) in the pursuit of adding content for their userbase in an effort to grow said userbase and profit via advertising targeted to it's users.

Mr Laurelli is the clear victim of both goo

Re:Hacker??!!

[Redmancometh]

That's why downloading movies from TPB is perfectly legal but redistribution without permission is not.

Are you high right now?

I hope you don't actually believe that..or that you are not a US/EU citizen.

Re:Hacker??!!

[Redmancometh]

I can't just post nekkid photos of myself on a publicly accessible and indexed web page and then start suing people when they mock me for them...

Except that you can totally do that. You shouldn't be able to, and probably won't win..but it's attempted on a semi-regular basis I think. Also the word nekkid is hilarious.

Re:Hacker??!!

[noh8rz10]

Thing is. In the US you can be tried twice for the same crime. It all depends on how far the prosecutor (and you) want to push things. This is what various appeals courts, all the way up to the Supreme Court are.

nopee. the first court is the only court that hears matters of fact, i.e. evidence, witnesses, etc. all the appeals courts only hear matters of law, i.e. whatever. further, if the defendant wins a court case, the prosecutors can't appeal. So, no you can't be tried more than once.

In the US, you can be convicted in absentia as well. Take Andrew Luster as an example.

The supreme court has ruled over and over and over again that people have the right to be present at trial, and if a trial happens without them it is a violation of due process protections. Congress codified this in 1946 to lay out specific protections and enumerate specific exemptions. One exemption "the defendant waives his or her right to be present if he or she voluntarily leaves the trial after it has commenced". Your dude Andrew Luster bolted from the trial and fled the country. He got sentenced anyway.

You sir are my chief pedant of the peasant's pedant brigade. USA is an exceptional nation.

Re:Hacker??!!

[Nikker]

I wonder constantly about people putting "production" material online. In the 90's you would be tarred and feathered for just suggesting putting important info anywhere else but an air gaped machine. Now it seems like it's just plain fashionable.

What gives?

Re:Hacker??!!

[doccus]

Hey!

The world wide web was designed to make accessible via hyperlinks (URLs) a whole bunch of documents / generated content. Key word being accessible. If someone is stupid enough to put documents intended not to be public on the public world wide web, that's their issue.

It is not a transgression on the part of the person who used the URL to access the content, doing nothing more than the technology is explicitly designed to do.

So people who download copyrighted movies illegally need not worry since it is only the person who put it up there that is responsible?

People who post copyrighted material in a free access format are indeed the guilty party, as this is precisely the main people that the copyright cops go after...

Re:Hacker??!!

[c0lo]

It's insane to try to prosecute the downloader. My 6 year old loves to watch youtube videos. Alot of the words she knows how to spell like 'dora' and 'mickey mouse' are copyrighted. How is she (or her grandma or anyone else) suppose to know that video A is ok to watch but video B (which youtube is still getting ad revenue from) is copywrited and illegal.

Ignorantia juris non excusat. Throw her and her granny in jail, they're criminals.

</sarcasm>

Re:Hacker??!!

[chezbunch]

The situation is more complex than that. Basically, there are 4 things forbidden in the French law:
A - Accessing a system fraudulently. That means that you know the system is protected and you don't have the rights to access it, but you still do
B - Maintaining your access to the site while you know that you shouldn't access the site
C - Preventing the site from working properly (deny of service)
D - Modifying, adding or removing some data from the site

The blogger was not indicted for A (he just clicked a link), nor C or D. But he was convicted for B, because he confessed in custody that by browsing the site he knew that the site was password protected and that the intend was to protect the documents he copied.
He also was indicted because it was considered he stole 8gb of documents, but it seems that there is no legal base for this part (you cannot steal a document)!

Re:Hacker??!!

It's like someone walking into the public library, browses the shelves, sees a book on the CIA. Checks it out, and it ends up being the some secret CIA manual. OF course he has no idea it's 'classified', and he shows it to someone else, and now the government is trying to jail and sue him.

They should leave him alone and try to find the moron that put it there for everyone to see in the first place.

Re:Hacker??!!

"Look at Amanda Knox â" interrogated without a lawyer, tried twice for the same crime, and convicted without being present in court."

You mean, like anyone at Guantanamo?

Re: Hacker??!!

I agree that European law is rough (this coming from an American), but who are we to judge their ideals just because they're different than ours?

If they see reason to allow double jeapordy, et al, then that's their right. American and European law is vastly different, but it's a case of historical ideals more than anything.

Re:Hacker??!!

[Fuzzums]

So if I leave my front door open, that gives you the right to barge in and take stuff from my refrigerator?

Re:Hacker??!!

[Jesrad]

But an embarrassed agency appealed..

Actually, no. The agency acted responsibly, it did NOT appeal the decision and further embarrass itself. Instead, it was the Parquet de Justice (think of it as an equivalent of US General Attorney) who seized the affair and appealed in their place, and in the end got Laurelli sentenced for whatever reason they could muster at the time.

This is very much a case of blunt, direct censorship attempt through usurpation of judicial authority by some executive administration.

Put this in context by considering that France is responsible for a whopping 87% of all tweet removal demands that Twitter receives. That's a lot more than all other countries combined generate, even including Russia and China.

Re:Hacker??!!

[Alain+Williams]

A bad analogy: if I take a bottle of milk from the refrigerator then it is no longer in it. If I copy some pages from a web server they are still there for someone else to look at.

A better analogy would be that I looked into the refrigerator and told the world what sort of cheeses you liked.

Re:Hacker??!!

[emilv]

But does it apply to government employees?

This is a relevant question regarding the damage done. Are government documents copyrightable in France? In Sweden where I live these kinds of documents are explicitly exempt from copyright and put into the public domain. Swedes can also request a copy of any government document not explicitly covered by confidentiality laws.

But it is not entirely relevant if they argue that the crime is hacking into a computer system, which is usually covered by different laws altogether. So getting the documents in this way may be illegal regardless of copyright and confidentiality. Under Swedish law the act of getting access to computer resources you shouldn't have access to is the crime in this instance. My understanding of TFA is that the French law is similar in this regard, and that was the crime he was convicted for. Not copyright, but computer intrusion.

Re:Hacker??!!

[u38cg]

You don't even have to RTFA to see that the court, and the appeal court, threw out the charge relating to downloading the documents. The only charges that stuck were related to reproduction, something that is illegal in one way or another in most places.

Re: Hacker??!!

I guess that on both sides of the pond only the worst stories from the other side make the news. As a Finn, I would prefer being tried in an Italian court instead of an American one any time. Here the perception is that money is all that matters over there and a lot less here. As far as the Knox case is concerned, I have no idea because both the guilty and not guilty sides have screamed opinions as fact to the media so loudly that any actual facts have drowned in BS. And TBH I don't care that much about that particular case either.

A common misconception Americans have is that it's horrible double jeopardy here when the prosecutor can appeal a not guilty verdict. What Americans (sorry if I generalize too much) seem to not know is that when a not guilty verdict is given, the judge sets a time limit (a couple of weeks normally) within which the prosecutor must appeal the verdict and if the prosecutor doesn't do so and the higher level of court accept the appeal, the not guilty verdict becomes permanent and the accused can never be charged with the same crime again. Basically the only difference on this side of the pond is thus that the part of the process that the prosecuted individual has to take part in ends sooner than he/she gets the very final verdict. IMHO there are some advantages to letting a prosecutor appeal a not guilty verdict, namely that regardless of country (I'd say) the lowest level of courts have the least competent people anyway (maybe a harsh term) and if a prosecutor at that level makes a mistake, it shouldn't benefit a clearly guilty individual too much - the same way as I don't want to see a mistake by a defence lawyer at that level result in a clearly innocent individual getting sentenced. Thus a case with a "bad" outcome can be heard by a more competent court, if necessary, regardless of who benefit/suffered from the bad outcome.

Re:Hacker??!!

Still. What are you doing in my refrigerator?

Re: Hacker??!!

Plenty of people are convicted ex parte in the US.

Re:Hacker??!!

So people who download copyrighted movies illegally need not worry since it is only the person who put it up there that is responsible?

Yes, this is the actual rule of law in many (most?) European countries.

Re:Hacker??!!

[shikaisi]

FREE AMANDA KNOX

If they're free, I'll take two.

Re:Hacker??!!

[Registered+Coward+v2]

You don't even have to RTFA to see that the court, and the appeal court, threw out the charge relating to downloading the documents. The only charges that stuck were related to reproduction, something that is illegal in one way or another in most places.

What's wrong with, actually RTFA and then bringing up facts on /.? You've been around here ling enough to now that's not how /. works.

Seriously, he also admitted after he got the documents that he went to the home page and discovered it required authentication and thus new the documents were meant to be protected. As you pointed out, the court didn't take issue with his stumbling upon the documents but what he did after he apparently realized they were not meant to be publicly accessed.

Re:Hacker??!!

[Grantbridge]

Republishing someone else's documents is copyright infringement at the least. News websites are freely accessible, but if you spider all their content and host it on your own website you'll be lucky to get away with a €3,000 fine!

Re:Hacker??!!

[houghi]

There was no security on the site, and no copyright on the documents.

Isn't a copyright implied? It does not have to say Copyright to have it.

Re:Hacker??!!

that's not ignorance of the law, that's ignorance of the facts, which *is* an excuse.

Re:Hacker??!!

[gnasher719]

It's fundamental to all of Europe, and a huge freaking problem. Look at Amanda Knox â" interrogated without a lawyer, tried twice for the same crime, and convicted without being present in court. Thank goodness we have the Bill of Rights! Those founders really thinking something good two hundred years ago.

My understanding is that Amanda Knox is a very good looking woman who brutally for no other reason than her own pleasure killed another person. Not being in court when she was convicted was obviously her own decision.

Re:Hacker??!!

You got it right.
French-speaking people can have a commonfolk-friendly reading of the judgement from a lawyer at www.maitre-eolas.fr (famous french legal blog), and it says exactly the same.
According to the judgement minutes, the guy accessed legally to the system, then discovered he wasn't allowed there, but still stayed, downloaded document, and distributed them. That's what got him, not merely following a Google link.

Re: Hacker??!!

[K.+S.+Kyosuke]

I agree that European law is rough (this coming from an American)

Especially Norwegian law. ;p

Re:Hacker??!!

There's nothing they can do if you reply "I do not understand these rights and accordingly I will not make any statements until they have been explained to me to my satisfaction" to the last question.

Re:Hacker??!!

[Pharmboy]

Guantanamo is a fucked up situation, and it is being used for the wrong reasons in many cases, however, it does prove the fact that if you are on US soil, the government can't do those things to you under the law. Otherwise, Guantanamo wouldn't be used to begin with.

Re:Hacker??!!

[nhat11]

That's like saying you left a door opened during the summer but that doesn't give the right to steal whatever you want out of it.

Re: Hacker??!!

[Pharmboy]

In American CIVIL courts, money is king, and often the side with the most money wins. In CRIMINAL court, it is a bit different. One side is always the government, the other is you. There are tons of protections in place.

Where it gets fucked up in the US is Federal criminal law. State criminal law is pretty straight forward, but your protections in Fed cases is greatly reduced. The vast majority of cases are State, not Fed.

Ask Ed Rosenthal, who was convicted of being this mass marijuana producer.....because he wasn't allowed to tell the jury that all the pot was grown only for medical dispensaries. After the case was over, the jury was PISSED OFF and said they would have acquitted. On appeal it was knocked down to "time served" but still. That is the Feds for you, they aren't interested in justice, just notches on their gun barrel.

Re:Hacker??!!

[Dereck1701]

"nopee. the first court is the only court"

Tell that to the "Liberty City 7", that group of destitute morons that the FBI conned into becoming "terrorists". The charges and evidence were so laughable that two separate juries wouldn't vote to convict. It took a third, hand picked jury to finally convict some of them of some of the charges after two weeks of deliberations and two uncooperative jurors being replaced.

Re:Hacker??!!

[Type44Q]

It's insane to try to prosecute the downloader.

How the fuck else do you propose to revive feudalism/fascism - prevent the peasants from owning guns?! :p

Re:Hacker??!!

[oreaq]

He sent a "GET /some_document.html HTTP/1.1" request to a web server run by the French National Agency for Food Safety. The web server, acting per procurationem for the agency, sent him the "secret" document. If I ask you, "Can you give me $10?" and you give me $10 dollars, you can't run around and claim that I stole $10 from you.

Re:Hacker??!!

[PRMan]

In the USA, Obama's DOJ would have given him 50 life sentences and pressured him until he killed himself. €3000 seems cheap by comparison.

Re:Hacker??!!

[PRMan]

Then your understanding knows virtually nothing about the case.

Re:Hacker??!!

[PRMan]

More like the door was locked but the window was open.

Re:Hacker??!!

[PRMan]

This is an excellent analysis. Wish I still had mod points.

Re:Hacker??!!

[PRMan]

Downloading from TPB is NOT legal in the USA. Downloading from a torrent includes uploading (seeding) which is distribution and violates US law.

Re:Hacker??!!

[l0n3s0m3phr34k]

LOL. I've been doing the same thing...broke out an old textbook with logical fallacies in it, and I have been listing the same kinds of posts pointing out the exact logical errors on people.

Re:Hacker??!!

Mistrials do not count. They mean that something improper occurred during trial which adversely affected the defendant and in the interest of their constitutional right to a fair trial by jury, there must be a new trial. This can also happen in the case of a hung jury where the jury cannot reach a verdict. Thus the trial must start over and is a new trial, not an appeal. Previous arguments are thrown out and new jurors are brought in. Anyone the jury actually was able to acquit is not part of the new trial.

Lyglenson Lemorin was acquitted during the second trial, and if you bother to Google it, you'll see that he was not part of the third (though he was later deported). The government could not try him again on the same charge.

Re:Hacker??!!

[ultranova]

What the fuck is it with autistic geeks, seriously?

Beyond misusing "autism" as an insult? I dunno, I'm not a psychologist.

Just because you CAN do something, it doesn't mean it's okay to do it. This creates a horrible survival-of-the-fittest arms race techno-bureaucracy where values are absent.

Currently the amount of power you wield depends on how good you are at manipulating people ("think of the children!"), or how much cash you have to bribe them with. As Information Age gets into gear, the ability to manipulate technology becomes another viable power base. All that's happening is that the fitness criteria are broadening and becoming more inclusive.

In particular, if the door is unlocked, that doesn't mean you can walk into the building and take photocopies of everything you find there, then publish the documents.

Which has nothing to do with what happened. This is a case of someone accidentally publishing documents, then complaining when someone else quotes a few snippets.

Re:Hacker??!!

[o_ferguson]

http://www.youtube.com/watch?v...

Re:Hacker??!!

[rjstanford]

He sent a "GET /some_document.html HTTP/1.1" request to a web server run by the French National Agency for Food Safety. The web server, acting per procurationem for the agency, sent him the "secret" document. If I ask you, "Can you give me $10?" and you give me $10 dollars, you can't run around and claim that I stole $10 from you.

If I'm standing behind a big sign that says,"$10 for government employees to pay for parking," at a conference, and you get in line with hundreds of other people making requests for $10, and I forget to check your ID because there's someone at the front door doing it but you came in a side door that I didn't know existed ,then yes, you've just stolen $10 from me. That's a more realistic silly analogy here.

Re:Hacker??!!

[Jason+Levine]

Copyright is automatic, you don't need to state it explicitly for it to apply. That's why downloading movies from TPB is perfectly legal but redistribution without permission is not.

Technically, downloading movies from The Pirate Bay without the copyright holder's permission isn't legal (at least in the US). It's just near-impossible to prosecute unless you are uploading as well (which some BitTorrent clients do). To prosecute an uploader, you just need to look for someone offering the file for download. (We'll set aside for the moment any discussion on whether an IP address is sufficient evidence for conviction since it's obviously enough for the RIAA/MPAA to get trials started in many cases.) To prosecute a downloader, you would need access to ISP and/or website logs to identify who connected to what resources when. The former can be obtained easily and can "take down" someone who is sharing a lot of files with a lot of people. The latter takes a lot of resources (from court cases to obtain the logs to going through the logs to identify infringements) and can only "take down" one person who is downloading files.

The original Napster case affirmed that downloading content wasn't permitted, but further court cases haven't clarified that much since prosecuting a downloader costs so much for so little "return." If a downloader is ever prosecuted, though, don't expect the courts to rule that downloading is perfectly legal.

Re: Hacker??!!

[noh8rz10]

I agree that European law is rough (this coming from an American), but who are we to judge their ideals just because they're different than ours?

If they see reason to allow double jeapordy, et al, then that's their right. American and European law is vastly different, but it's a case of historical ideals more than anything.

Sure whatever, as long as they do it to themselves and not Americans. Obama should step in and put an end to the whole matter.

Re:Hacker??!!

[rjstanford]

Except that, by his own testimony during trial, he checked the name on the front door and saw that it was indeed a secure government portal and was locked. In that case, having the janitor let you in the side door is indeed fishy.

Re:Hacker??!!

[Impy+the+Impiuos+Imp]

That seems rather pointless -- you already have the right to remain silent.

Re:Hacker??!!

[rjstanford]

Or looked into his desk and told the world what his written down passwords were. After all, that's not stealing either. What people do with that classified, yet unlocked, information isn't your concern, right?

Re:Hacker??!!

[noh8rz10]

It's not just that she wasn't in court when she was convicted, she wasn't in Italy at all and they went ahead anyway rather than trying to extradite. This is unjust in US,

Re: Hacker??!!

[noh8rz10]

On what grounds can the not guilty verdict be appealed?

Re:Hacker??!!

[noh8rz10]

"nopee. the first court is the only court"

Tell that to the "Liberty City 7"

Is that the new GTA sequel?

Re:Hacker??!!

Well, as someone with an LLB (England+Wales), an MSc in mathematics, and a computing bachelors,

And yet somehow you're still a fucking retard.

Re: Hacker??!!

Norway doesn't count. They don't know how to deal with crime, but they'll learn as immigration intensifies and they start having increased population pressure and the attendant civil issues that come with that.

Re: Hacker??!!

Indeed. With how aggressive and bloodthirsty federal prosecutors are over here, allowing them to appeal a not guilty verdict would be a death sentence for everyone who has to go through the federal criminal justice system.

Re:Hacker??!!

[bondsbw]

There is a difference between a hyperlink and storing the files on your own server. In the former case, the files can simply be denied access once the problem is discovered. In the latter case, the files are still available and are not in control of the owners.

To make your analogy more correct, it's like he made a photocopy of sensitive material and left it on the train table station. That's wholly different from leaving a note on the table stating where to find the original copy... at that point it is on the owners of that original copy to make sure it is secured.

Re:Hacker??!!

[phorm]

they didn't realize the link was right out in the open

Well, if their webserver creates access logs like most I've known, then they should have been able to figure that out fairly quickly and easily...

Re:Hacker??!!

That is why he was fined. To me, its a fit punishment.

You are a terrible person. You should be fined €3,000 for some petty pullshit and see how you like it.

Re:Hacker??!!

He did encounter authentication on a separate page, apparently.

Re:Hacker??!!

Yup, the first two trials were declared mis-trials because the jury in both cases failed to reach ANY verdict.

Double Jeopardy is bringing someone to trial for a crime of which they have already been ACQUITTED , hung juries do actually trigger subsequent trials, ones that will hopefully reach a verdict. The trouble with juries reaching verdicts is that you need to get all 12 to agree.

Re:Hacker??!!

> My understanding is that Amanda Knox is a very good looking woman who brutally for no other reason than her own pleasure killed another person.

The evidence suggests otherwise. After a couple failed trials, the state tried a third time with customized selections of testimony and evidence to pin it on her in absence of any other suspect (other than the guy who admitted to doing it). If this isn't your understanding, you really haven't followed the circus.

Re:Hacker??!!

You cannot be tried twice if you are acquitted. If there is a mistrial, then yes, you can be tried again.

Re:Hacker??!!

Actually I think Disney wants those mickey mouse videos up there.

If there are no kids stuff from Disney on youtube, I'm sure many parents will have their kids watch stuff from the competition instead... Dora, Barney, My Little Pony, Wiggles, whatever.

And buy the relevant toys, bedtime reading books, etc to go with them.

Re:Hacker??!!

[Yakasha]

Thing is. In the US you can be tried twice for the same crime. It all depends on how far the prosecutor (and you) want to push things. This is what various appeals courts, all the way up to the Supreme Court are.

nopee. the first court is the only court that hears matters of fact, i.e. evidence, witnesses, etc. all the appeals courts only hear matters of law, i.e. whatever. further, if the defendant wins a court case, the prosecutors can't appeal. So, no you can't be tried more than once.

I like taking pedant awards. Lets give it a shot.

The plain appeals process is a bad example perhaps, but there are other exceptions to double jeopardy that can result in multiple trials, convictions & punishments for the same crime: feds & states can prosecute separately & military court marshals being two I can think of. Of course they can also (not so) simply define your crime as multiple crimes (the act & conspiracy, for instance) and try you separately for each.

But then going back to appeals, especially due to misconduct on one side or the other, an appellate judge can toss out even acquittal verdicts, starting everything over, and letting the government get you again.

Defining double jeopardy is as entertaining as defining marriage. You're not violating anybody's rights, you're just clarifying them.

Re:Hacker??!!

[Yakasha]

4) Laurelli never bypassed (or even provably encountered) any authentication mechanism whatsoever.

Except by his own admission, he did, and chose to ignore it (bottom of the article). So he saw a safe with something inside, and it was open. He looked around and saw a sign that said "Access to safe contents restricted to authorized personnel. Do not touch." He then decided something along the lines of "Oh I better grab everything before they notice and shut the door."

You don't need a real-world analogy though, you just need an understanding of the thought process behind the "crime": He had a reasonable belief that unrestricted access to the information was a mistake, but chose to ignore that in favor of his personal desires.

While profiting on other people's mistakes is a hallmark of capitalism, when dealing with society or the government, it is a dick move. To me, the fine seems to be an appropriate incentive to get people to think before they act.

Re:Hacker??!!

[Darinbob]

A hung trial (fails to reach any verdict at all) does not count as a trial, same with a mistrial, and so does not affect the strict laws against double jeopardy. If the first jury had decided non-guilty then the whole affair would have been finished.

Some prosecutors do give up after a hung jury, many after two hung juries, it takes someone really obstinate to keep going for a third.

Re:Hacker??!!

[sjames]

But if you find a book on a table with a sign that says "Free book! Please take", you cannot be called a thief if you take it. If someone unwisely put a bound copy of their unpublished memoir on that table and walked away, they may certainly ask for it back but they cannot fairly call you a thief if you took it from the table.

The web i a medium for distributing information. If you see it in a web search, it's not unreasonable to expect that you may download it.

Had he been presented with a notice that access was restricted, particularly if he had to brute force a password to do it, it would be another matter.

Re:Hacker??!!

[sjames]

A website reachable from the public internet and indexible by Google is a public display. A closer analogy is that they had the documents on display on the sidewalk in front of the building. There was a photocopier next to the table plugged in and ready to go.

Re:Hacker??!!

[Redmancometh]

Yeah I didn't see that until a couple of hours after I posted it. I read one of the comments below that mentioned it, and went back and saw it on the bottom of the article.

I'm not sure if it was there when I posted though.

Re:Hacker??!!

Yes, he absolutely "did it wrong". Especially considering that he apparently walked up the site hierarchy and noticed an authentication page:

UPDATE: Laurelli ended up admitting in testimony that when he found the documents, he traveled back to the homepage that they stemmed from and found an authentication page. This indicated that the documents were likely supposed to be protected. That admission played a part in his later conviction in the appeals court.

Re:Hacker??!!

[Yakasha]

Posting updates to stories without a timestamp of when it was updated... ew.

Re:Hacker??!!

Nope. There are exceptions.
For example:
Works prepared by an officer or employee of the United States Government as part of that person's official duties. 21
None. In the public domain in the United States (17 U.S.C. 105) See: http://copyright.cornell.edu/resources/publicdomain.cfm
These have NO copyright. Since this was France, the rules may be different.

Re:Hacker??!!

[Dereck1701]

I am aware of that as a matter of law, but the premise was that a person can't be tried for the same crime multiple times in the US. That is false because there are stacks of cases where people are tried 2, 3, 4 or even more times, the law may say that the previous trial "didn't occur" but that doesn't erase the fact that it did. And there is technically no limitation to the number of times a person can be retried as long as a prosecutor can make enough of a case to avoid a verdict of not guilty (despite an hour of searching I still can't find the legal requirements of a finding of "not guilty" by a jury, is it 50%?). There are even cases where prosecutors have purposely caused (or attempted to cause) mistrials to prevent possible not guilty verdicts so they can retry a person in the future.

Re:Hacker??!!

[Darinbob]

The problem is that it's pretty trivial to create a hung trial. If the trial was not allowed to restart than anyone on trial could arrange to have a mistrial and then get off free.

Hung juries are mistrials too. However if a jury declared "not guilty" then the process is OVER! The prosecutor can not keep retrying until a guilty verdict is reached. It does have to be 100% unanimous though, either way. This is why judges will keep a jury on the case until they're angry because they do not want an "I don't know" decision. Now you may think that a hung jury is no big deal, but often enough you can tamper with a jury, so that one of the members refuses to vote for "guilty" because the mob is paying them off or threatening them, thus it's would indeed be another way to screw with the system if such a mistrial could not be restarted.

Technically there is no limit here, but practically speaking a mistrial is somewhat rare, and a second mistrial is even more rare, and a third attempt by an overzealous prosecutor is extremely rare (but happens at least once because people keep pointing to the same case as an example).

This is somewhat standard even outside of the US. It is basicaly the same in Canada as well, since both countries borrowed the sytem from English law. In some places, such as Scotland (anxious to avoid being seen as too English) where only a majority is needed for a guilty conviction (8 of 12) and there is no possibility of a hung trial. However I'd vastly prefer to be tried in the US if I were on trial and were really innocent, a system of 8 of 12 being allowed to vote guilty seems much less protective of the accused, and jurors often like to vote with emotions early on before they examine the evidence and argue over the facts. I have not heard of any countries with respected legal systems where you need unanimous to vote for guilty but only a majority to acquit, but I could be wrong. So I don't see what's so horrible about the US system given that context.

(This is for criminal cases. For civil cases (including wrongful death) the rules are more lax and you don't need unanimity from the jurors.)

Re:Hacker??!!

[TapeCutter]

If copyright is granted at creation and downloading is illegal, how does anyone browse the web without breaking the law? Aussie law has been the way it is for a long time. I remember we used to have places called libraries that had copyrighted books that people could borrow for free, if you had enough coins and time it was not illegal to photocopy an entire book for "personal use only". In our "big court decision" Kazza was convicted of distributing unlicensed material, the common sense "right to download" was upheld. The real problem in Oz is that 2 of the 3 biggest ISP's are sympathetic toward the MAFIAA, the 3rd (iiNet) gave them the finger and won the ensuing supreme court battle. The MAFIAA copped an enormous legal bill and Aussies rewarded iiNet by moving them up to the number 2 spot.

Recognise that the MAFIAA have a world wide propaganda campaign, they want the public to have the general impression that "other western countries" are tougher on file sharers so as to move the disinterested "middle" toward their extreme view that "downloading is theft".

Re:Hacker??!!

[TapeCutter]

Downloading is not "sharing" (unless you work for the MAFIAA), if you are observant you will notice the MAFIAA's fear campaign has dropped "downloading" sometime over the last few years and replaced it with "file sharing". Most torrent clients allow you to set uploads to zero (ie: leach mode). I'm a Aussie, the extortion racket..err...out of court settlements...run by the MAFIAA does not happen in Oz. They know it would be seen as an abuse of process and they risk exposing themselves to possible extortion charges. As such the Aussie MAFIAA have been threatening US tactics for almost a decade, they have not followed thru for the reasons stated above, nobody pays any attention to their hollow threats other than some lip service from politicians.

I believe the UK branch of the MAFIAA have been met with similar institutional resistance to US tactics, I think Canada is similar, but I'm less sure about France.

Re: Hacker??!!

AFAIK there are no "fixed rules" for that but obviously the prosecutor must have something new to present to the next level to have any hope of getting the appeal granted. And no prosecutor would want to appeal unless they indeed have something substantial because otherwise they just add to their failure by first not getting a conviction and then getting a poorly made appeal rejected. Another difference on this side of the pond is that if you as a defendant choose to testify, you cannot be convicted of perjury no matter how much you lie through your teeth when you do so. However, if you do so and it becomes apparent, the sentence handed down can be from the longer end of the range the court has to choose from because then you've definitely demonstrated that you don't feel any remorse either. Since your statements then become part of the court record, it is of course also the case that if the prosecutor (like you asked) does appeal a not guilty verdict and you have clearly lied under oath, it can be part of what he/she uses to file the appeal (after all, even if you were found not guilty, the prosecutor might then show the next level that you were certainly lying).

Note to avoid any misunderstanding in case you think of the Knox case and how Knox falsely accused an innocent man: That was not the same thing as lying in court under oath when you're the defendant since she had not yet been accused and was simply being questioned by police and pointing the finger at a man she knew was innocent then is of course akin to filing a false police report. And that's of course illegal.

Either way, in every civilized country except the UK, I would personally do my very best to just STFU if questioned (I know that the police can try to manipulate you into speaking despite your rights which is why I say "try"). When I (long ago) found out that in the UK not saying anything can harm you, I read up on it (because I'm curious about legal matters) and don't consider their peculiar system all that "harsh" either since not speaking can only harm you if you refuse even after having consulted with an attorney. Thus you at least get help from someone who knows what's best for you in that system before you have to take any action in it.

Finally, obviously no justice system is designed to convict innocent people and set guilty people free and neither is law enforcement. Some people are stunned when they file a police report and the police doesn't immediately get on their side and try to find evidence to reinforce the particular claim of wrongdoing from the same POV but instead try to objectively look at the claim being made and what evidence there is for and against it. Some systems, of course, are corrupt but that's another issue.

Re: Hacker??!!

In American CIVIL courts, money is king, and often the side with the most money wins. In CRIMINAL court, it is a bit different. One side is always the government, the other is you. There are tons of protections in place.

Well, as I said, we have misconceptions on both sides of the pond and thus I now learnt something. However, IMHO civil courts function a little bit better on this side because of the "loser pays" system. It prevents the more financially powerful party from getting their desired verdict if it's obviously wrong because lawyers will line up on your side if they know that they can make a fat cat lose and pay their bills. There is of course a restriction that the legal costs of the plaintiff must be reasonable to prevent a plaintiff that will clearly win from inflating the loser's costs and misery by intentionally getting ridiculously high legal costs that the loser will then have to pay. What I, however, do consider better on that side of the pond is the damages. I do think that they can in some cases be ridiculously high but on this side they can be ridiculously low and the former is preferable IMHO. For instance, I know of a case where a stabbing victim that became permanently blind only got $30k and - very appropriately - asked in media if anybody would sell their vision for that amount.

Re: Hacker??!!

[ixuzus]

So... if an Italian was accused of committing a crime in the United States and for some reason the Italians were unhappy with the way the justice system in the United States worked would you be happy for Italian President Giorgio Napolitano to intervene in the US justice system - to "step in and put an end to the whole matter?"

Now I know this is hard for you to understand but many people in the world do not consider 'the way we do it in America' to be synonymous with 'the right, only and best way'. This sort of attitude is one of quite a few reasons why you're not very well liked.

Re: Hacker??!!

[noh8rz10]

well if the italians thought that their citizen was getting railroaded in the US contrary to justice I would hope that they would advocate for the freedom for their citizen. although notice your straw man I never said that obama should step in and put an end to the matter. i just said that she shouldn't be deported.

what do you mean "reasons why you're not very well liked?" americans? or me?

Re:Hacker??!!

[Jason+Levine]

If copyright is granted at creation and downloading is illegal, how does anyone browse the web without breaking the law?

Because putting something on the web is akin to granting someone a license to view that material. The RIAA would be laughed out of court if they put a thousand MP3 on their website and then tried to prosecute the downloaders. However, problems arise when you didn't have the rights to grant someone a license to view the material in the first place. If I upload an essay I wrote or a photo I took, that's ok. As the copyright owner, I have the right to do what I want with it. If I take a photo and you upload it without my permission, though, that is not allowed. Since you have no agreement with me to put it online, you can't grant people a license to view it on the web. I would be hard pressed to take legal action against the downloaders, but suing the person who put my photo online would be relatively easy.

Re: Hacker??!!

[ixuzus]

well if the italians thought that their citizen was getting railroaded in the US contrary to justice I would hope that they would advocate for the freedom for their citizen.

Absolutely - and they would be well within their rights to offer consular support and even express their dissatisfaction through diplomatic channels but ultimately it would remain an American legal issue. I don't think that's the issue in question here.

although notice your straw man I never said that obama should step in and put an end to the matter.

Actually, that's exactly what you said. It's a direct quote what you said.

i just said that she shouldn't be deported.

Okay, we'll run with that as your intent then. The United States has an extradition treaty with Italy. I think it dates back to the mid eighties. It looks like this case would meet all the legal requirements. If the extradition should be blocked at a political level then there would be the prospect of other countries deciding that their extradition treaty with the United States wasn't worth the paper it was written on and tearing it up or preparing to randomly raise their middle finger to extradition requests from the United States if it wasn't politically expedient at home.

what do you mean "reasons why you're not very well liked?" americans? or me?

I was referring to an opinion of Americans and the American government that is quite prevalent internationally. As for you personally, I don't have enough information to make a judgement.

An earlier post made reference to some EU jurisdictions allowing double jeopardy to which you replied - and note that I'm quoting you here - "Sure whatever, as long as they do it to themselves and not Americans." Now correct me if I'm very much mistaken but that reads a lot like if a foreigner comes to the US and commits a crime they will be tried under US laws and legal principles but if an American goes to a foreign country and commits a crime we expect American legal principles to override the laws of that foreign country. Can you see how this might come across as a trifle arrogant?

I don't care if Knox is guilty or innocent. I expect proper legal process to be followed. If you don't like the Italian legal system you shouldn't have signed an extradition treaty with them. For further reading see how the US has tended to react when told no on the matter of extradition even when the country had no treaty obligation to extradite the person in question. If you need help finding a starting place then here's a hint: look slightly south from Uzbekistan.

Re: Hacker??!!

[noh8rz10]

i'll make it simple. if my neighbor was going to be detained as a labor slave in North Korea, I would fight for him and I would get every single politician up to Obama fighting for him. I wouldn't be like you "oh, that's their slave labor culture, who am I to impose my western world views even though my citizens are involved?"

Re: Hacker??!!

[ixuzus]

North Korea is a barbaric dictatorship with a despotic leader where your chances of a fair trial are small to arguably non-existent. Italy is a peaceful democracy with a functional judicial system that was deemed fair enough by the United States for extradition treaty to be signed. Completely different situation warranting a completely different response.

Re: Hacker??!!

[noh8rz10]

Well imma still fight. Why does everybody in Europe have a boner or lady-boner for sending Amanda Knox to jail? Smoke some weed, works for me.

Re: Hacker??!!

[ixuzus]

Can't comment on European attitudes. My family left Europe well over a century ago. It's not my thing but if the Europeans get all hot and bothered about sending a convicted murderer to jail then who am I to judge?

Saving face by hurting innocent people

[ZorinLynx]

I HATE it when governments do this. They can't simply admit to having made a mistake and made those files public (albeit difficult to find). They have to fine this poor person just for coming across something interesting and posting it.

Fuck them. Fuck them hard with a chainsaw, every last one of them who pushed for this.

Re:Saving face by hurting innocent people

Governments should be barred from the whole appeals process, without exception.

Re:Saving face by hurting innocent people

I thought the French just used Minitel.

Really though when you get pissed off about what the NSA was doing the French have been doing to their people for years. Them, the Brits, and the Germans. So it's theater of the absurd when they get mad at the NSA for spying on their citizens.

Re:Saving face by hurting innocent people

Stop the planet I want off. This will never stop unless we as a people make our own laws and kill people over thins kind of thing then it will stop just nothing else is ever going to work. And if we as a people are not willing to do this then we cant complain.

Re:Saving face by hurting innocent people

Governments should be barred, without exception.
FIFY

Re:Saving face by hurting innocent people

So you support anarchy? I don't think that would work out.

really

[lister+king+of+smeg]

I guess my tech illiterate grandma is a hacker then because she can use Google too.
If clicking a link on google is all it takes for you to be branded a hacker now why don't they just lock up everyone that is not Amish (who in turn act as our jailers as they are the only one that can't google things).

Re:really

[PRMan]

The irony is, the Amish don't jail anyone. They just shun.

Laws server their purpose

[EMG+at+MU]

In this scenario the Law worked perfectly.

Government sets rules on what you can and cannot do,
Government interprets those rules,
Government imposes punishments based on those interpretations.

You piss off the government, they use the laws to make your life hell.

Re:Laws server their purpose

They really have made the Internet nearly useless haven't they? Usenet used to be great before they prevented the people that used it from fighting back against spammers.

Re:Laws server their purpose

In this scenario, some scum bag dipshit who was full of their own piss decided to pull a power play (probably another Napolean wannabe, or worse a Hitler-in-hiding) and punish someone for doing something that not only wasn't wrong, was absolutely the right thing to do.

The Hitler-in-training-Napolean-wannabe government pissant who prosecuted should be shot, with 50 caliber sniper rifle, while lined up perfectly with the entire prosecuting attorney's team as well as the judge, take out the entire corrupt nazi group at once.

Yes, I said it - those in that government that prosecuted for pointing out, and re-sharing publicly available public documents are the same as the Nazi's back in Hitler's day.

Re:Laws server their purpose

[pete6677]

Right, because France is full of Republican legislators.

Re:Laws server their purpose

[treeves]

If the law is "working" as it should, you know what you can and cannot do *before* you do it, and you are dissuaded from doing what you *know* you aren't supposed to do. This situation is nothing like that.

Re:Laws server their purpose

[emilv]

This situation is nothing like that.

Yes, it is. He found out that the resource required authorization and that he found a bug in that authorization. Before he downloaded the documents. He was well aware that he was not allowed to download those documents.

Re:Laws server their purpose

[PRMan]

In the first case, nobody knew that he saw the login page. So they acquitted him. In the appeal, he admitted to seeing the login page. He was convicted because he knew he was getting around a lock.

Streisand effect?

[Bomarc]

Can someone post enough info .. to generate a Streisand effect? Would love to know what they have to say.

French government

[DoofusOfDeath]

Often I marvel at how banal the American government is. Then, occasionally, the UK or French governments make me feel a little better.

Re:French government

[zippthorne]

How can you appeal an acquital?

Re:French government

[MadGeek007]

Nope https://en.wikipedia.org/wiki/...

Re:French government

[jimshatt]

Is that true? I though the double jeopardy clause ruled this out: http://www.youtube.com/watch?v...

Re:French government

Uh, no, they cannot. In the US that is known as "double jeopardy" and is not allowed. If you're acquitted, you're done. They can find new evidence, you can write a full confession, it doesn't matter. When that gavel comes down on the "not guilty" verdict, you're no longer capable of being held criminally liable for that particular crime.

If a case is dismissed without prejudice, it can be retried. There is no verdict in that scenario. There's also a separate sovereigns exception, which in some circumstances could allow the feds their own shot at prosecuting, though that wouldn't be applicable here since this would have been tried as a federal crime to begin with.

Re:French government

[Calavar]

Hmm, looks like you're right. I stand corrected.

Re: French government

The same way you appeal any other court's decision, notwithstanding that of a Supreme Court's ruling. Look into it. It's a simple procedure to file an appeal that results in a review of the court's adherence to proper procedure. Appeals courts don't retry a case, they merely look for flaws in the original adjudication.

Re:French government

[jklovanc]

Acquittals are regularly appealed. It could be due to many causes including invalid ruling by the judge, incorrect jury instructions, jury tampering, etc. Basically the premise is that the original trial was flawed in some substantial way and they need to do it again.

Re:French government

[billrp]

But I thought even if you are found innocent in a criminal trial you could then be tried in a civil trial, which is what happened to this guy, and could also happen in the US.

Re:French government

Ask the Italian system that tried Amanda Knox again after an acquittal. Guess they were looking for "best 2 out of 3?"

Re:French government

What crime? Publicly sharing public information? How and where is that a crime? Oh wait, that's right, Hitler's France.

Re:French government

[gmhowell]

You can also go talk to Federal prosecutors for a trumped up 'civil rights violation' charge.

Re:French government

[xbytor]

There are times where "double jeopardy" (seemingly) does not apply. Specifically, if a judge is corrupt and has been paid off to throw a case for a defendant, the case can be tried again once the corruption has been revealed. This admittedly is a borderline situation but it does happen.

Re:French government

[david_thornley]

That's not perfect protection. You can be prosecuted for the same offense under both Federal and state law, if both sets of law apply. You can be prosecuted civilly after a not guilty verdict. It may be possible to charge you for essentially the same acts if it's really two separate offenses. (If you kill Jim and Bob, and are acquitted of killing Jim, you can be charged for killing Bob, AFAIK.)

No more 7331 envy here

[sgt+scrub]

I've always referred to myself as a lowly grinder, far beneath the vaulted hacker. I'm feeling pretty high on the geek scale now.

What about negligent webmaster?

So what punishment was meted out to the webmaster who failed to properly secure the documents?

Acquitted Then Retried?

In France you can be acquitted then tried again?

Re:Acquitted Then Retried?

[BitterOak]

Very few countries have double jeopardy rules that work the same way as in the U.S. In most countries, both defense and prosecution can appeal a decision. It is not at all uncommon in these countries for acquittals to be appealed and overturned. This isn't just in Europe. It works that way in Canada, too.

Re:Acquitted Then Retried?

[Redmancometh]

In the US you can lose/win a criminal trial and then win/lose a civil suit. In this case he won the criminal trial and lost a civil suit (how the gov can file a civil suit I have no idea I don't know France) which can happen in the US as well. OJ owed (owes?) a bunch of money in restitution after his little incident, because he lost the civil suit.

 

Should Be Public Anyway

Government information, presuming the government is actually for the people and by the people, should all be publicly accessible.

Why is anything accessable on the internet regarde

[GaryGreenwell]

If you forget to lock your front door ( a lapse in security ) is it OK for anyone to come into your house?

Re:Why is anything accessable on the internet rega

Nah. This is more like a public library that wasn't supposed to be open on Sunday. But a researcher tried the door anyway and it was unlocked, took some photocopies, and left a note for the librarian saying "you should really lock the door on Sundays if you aren't going to be here".

Woot!

[msauve]

Liberté, égalité, fraternité!

tr. "Meet the new boss, same as the old boss." aka "Lèse-majesté"

Re:Why is anything accessable on the internet rega

If you left a book on the street out the front of your house, but didn't give anybody your address, is it somebodies fault if they read the book?

There is no expectation of privacy here, it is a publicly accessible web page.

Re: Why is anything accessable on the internet reg

only if they wear uniforms and carry guns. i don't know about france, but in this country texting is a shooting offense. so you walk through a door you beter know whats behind it.
we only have whiny liberals to fool you.

Old problem

[dbIII]

A lot of the stuff in Bruce Sterling's "The Hacker Crackdown" comes under that category or close to it. The book can legally be read online.

Re: Why is anything accessable on the internet reg

Thank You. The very idea that there can be an analogy between a locked door on a (non-existent) physical structure and a link to an unsecured file on a web server is utterly absurd.

If liability should exist, it should be assigned either to Google or the agency of the government, itself. At which point, if anyone still believes the The People have any rights whatsoever, one must ask how a democratic government can justify keeping information from itself. The only rationale which stands the test of reason depends upon a distinction between the hoi polio and whichever upper class members might suffer harm as a result of daylight.

Re:Reasonable

[Sabriel]

If someone leaves their door open, you don't walk in, copy their private shit and show it to the public.

But if someone hangs "Public Entrance" over their door, then imprisons you and fines you after you show people what you saw inside, they might be the French government.

Re:Why is anything accessable on the internet rega

Am I a peeping Tom if I glance at your house while walking by and you're having sex in front of an open window?

French Law?

[Revek]

Couldn't someone sue them for negligence in allowing these documents to be publicly accessible? Really if it was that sensitive, shouldn't the button monkey that allowed them to be indexed by google be the most responsible?

Theft from an Unprotected Site is Still Theft

[BBF_BBF]

7GB of downloaded files doesn't sound like it was just an "accidental" downloading of some files.
Let's put it this way.
If you misconfigure your wireless access point and leave it open, does that mean that it should be legal for anybody to connect to your network and download all the files from your NAS without penalty? Including *those* pictures of you and ____ doing _____ to _____, and your tax returns from the past 5 years?

Re:Theft from an Unprotected Site is Still Theft

[BitterOak]

Not only that, but he didn't merely download the files, but republished some of the material on his own website. Even in the U.S. that can lead to big fines or lawsuits for copyright infringement. Had he merely kept the files to himself, he probably wouldn't be in any trouble at all.

Re:Theft from an Unprotected Site is Still Theft

[Revek]

Go buy offline explorer and set it to any large domain or wget for that matter. Make it ignore robots.txt and grab every link and soon you will have yourself at terabyte of fun. Its bullshit to think that if its publicly accessible that person can't make use of it. How many times have you laughed and said I simply must have that cute little kitty for my person collection? Thats you lolcat thief. This is retaliation for some small minded crat who got his panties in a wad. The only place this guy went wrong is perhaps he should have told the journalist that he could search google for his search term and find the goodies.

Re:Theft from an Unprotected Site is Still Theft

[Areyoukiddingme]

First, it's not theft. Making a copy will never be theft. Get over it.

Second, yes, it damn well should be legal. The Internet is primarily a publishing engine. It's for publishing things. As in, making them available to the public. If you're an ignorant jackoff, you shouldn't be on the fucking Internet in the first place. Your malware infested piece of shit computer is a menace to everyone around you. No, there should be no penalty for anyone accessing files YOU PUBLISHED. Or files the government published.

"But I didn't mean to" is the last refuge of the incompetent.

Stop denigrating intelligence. Stop vilifying education. Stop demanding the government level draconian punishments against other people for your fuckups. It's not like the necessary knowledge is restricted to some exclusive priesthood or elite guild. It's freely available and easy to find. Learn it. Use it.

And stop defending people who actively avoid learning.

Re:Theft from an Unprotected Site is Still Theft

[jklovanc]

First, it's not theft. Making a copy will never be theft. Get over it.

Then there is no theft of credit card information or any other personal information stored on servers. Sorry but I don't believe that.

Re:Theft from an Unprotected Site is Still Theft

The theft occurs when you impersonate a person by using those numbers under their name and steal their identity.

Re:Theft from an Unprotected Site is Still Theft

[Revek]

Thats weak.

Re:Theft from an Unprotected Site is Still Theft

[gman003]

It wasn't an accident that he downloaded them, it was an accident that they were up there at all, or in a publicly-accessible way. They were indexed by Google, after all (shouldn't they have been named co-defendants?)

From the gibberish in TFA, it sounds like the site had some sort of Javascript user authentication on index and search pages, but direct URLs always worked. I'm not sure how that let Google index them, but even the government is claiming that anyone who tried to access those URLs would get 200s, not 403s.

Further, the documents appeared, to this guy at least, to be things that would have been public - he "hacked" the rough equivalent of the FDA, not the DOD or DHS.

Better analogy: you're in a military surplus store and find a bunch of boots (hardly unusual in a surplus store, in fact it would be very odd to find one that did not have a few racks of military footware). You buy them (because you needed costumes for a play or something (note to Hollywood: The Sound of Music hasn't been remade in nearly five decades, time to get on a modern-day retelling)), take them home, and leave them in a box for a while. A few days later the National Guard swarms your house and you're arrested for treason because those boots have some sort of new sole that's classified as weapons-grade, and those boots were never supposed to be surplussed in the first place.

At no point did you have any idea that anything was wrong - you went to a place where items are sold, you bought some items that were commonly sold (or to bypass the metaphor, you went to a site that searches public information, and found information that you were allowed to access). The fault would logically lie with whoever had those boots/documents made available to the public incorrectly (if, in fact, it is incorrect - what kind of stuff about food safety should *not* be public data?).

Re:Theft from an Unprotected Site is Still Theft

[Golddess]

If you misconfigure your wireless access point and leave it open, does that mean that it should be legal for anybody to connect to your network and download all the files from your NAS without penalty? Including *those* pictures of you and ____ doing _____ to _____, and your tax returns from the past 5 years?

Yes. You wouldn't blame the recipients if, instead of a misconfigured wireless access point, it was your crazy ex who still had a key who was giving out free copies of those documents, would you?

Re:Theft from an Unprotected Site is Still Theft

Yes.
How should I know that you put a bunch of files online that you don't want me to see?
If you print out everything on your hard drive and put it in a library you can't expect people not to read it and take it home.

Re:Theft from an Unprotected Site is Still Theft

[Zargg]

Yes it should be legal. You are the one broadcasting your information out to the public, why would it be illegal for someone to listen?

Re:Theft from an Unprotected Site is Still Theft

[hyfe]

Downloading from a NAS on a local network is substantially different from downloading from a webserver on the internet.

The first one is obviously intended for local use, and unless one has good reasons to believe otherwise one should assume it's private content.

.. a fucking webserver on the fucking internet following a link from fucking google? That's tree separate reasons for assuming it's public content intended for sharing, so that's what any reasonable person should assume it is.

Re:Theft from an Unprotected Site is Still Theft

That's called "fraud" and "breach of privacy", not theft.

Re:Theft from an Unprotected Site is Still Theft

[jklovanc]

It's stronger than to original statement.

Re:Theft from an Unprotected Site is Still Theft

[Zontar+The+Mindless]

Not only that, but he didn't merely download the files, but republished some of the material on his own website. Even in the U.S. that can lead to big fines or lawsuits for copyright infringement.

Except that, in the US, most if not all works created by the Federal Government or its agents are automatically placed in the public domain.

Re:Theft from an Unprotected Site is Still Theft

[Revek]

In what way? He compares a clear crime with a supposed crime. His case makes every person who ever retold what they have learned a criminal act.

Re:Theft from an Unprotected Site is Still Theft

if you have a web page, publicly viewable from the internet and google has it indexed and you didn't lock down access to those files, then yes, your attempt at making an intelligent remark - nah - who am I kidding... fail!!!

Your feeble attempt to link poor wireless security to a clear and simple publicly accessible web page, filled with public information, formulated by a government agency about public information that every member of the public has the right to access doesn't even come close to passing muster.

Clearly some dumbass didn't mark a folder as restricted when they should have.
This is not the fault of the person who looked, found and downloaded - this is the fault of the government entity who fucked up.
No-one can know intent, that's thrown out at real trials, with real judges - these were just french monkeys aping a bad legal system that allowed this travesty to occur.

Gee, I guess they probably intended to *stop right there, you cannot know or gleen their intent, they left the documents open and accessible, that has to be their intent, period!*

have a nice day

Re:Theft from an Unprotected Site is Still Theft

[jklovanc]

The post I was commenting on get into trouble when making absolute statement like "Making a copy will never be theft". I was merely pointing out how that blanket statement was incorrect.

Re:Theft from an Unprotected Site is Still Theft

[oobayly]

I'm not sure how that let Google index them

I discovered that Google was indexing pages on it site that were only ever linked from emails - my guess is that they index any links in mails to and from gmail accounts. We just used robots.txt - the pages are for public consumption, it's just simple if they're not easily searchable.

In short, if you mention it via gmail it'll probably be indexed.

Re:Theft from an Unprotected Site is Still Theft

I was merely pointing out how that blanket statement was incorrect.

Except it is not incorrect, and your "proof" does not refute that.

Then there is no theft of credit card information or any other personal information stored on servers.

That was your supposed "proof", right? Because yes, that is not theft.

Can the people who acquired that credit card information use it to facilitate theft, fraud, and a number of other illegal activities? Yes.
Was it wrong for them to acquire that credit card information? Almost certainly.
But was the act of acquiring the credit card information theft? Most definitely no.

Re:stacked neatly in the public park

Naw a better example is the documents are stacked neatly in the park, covered by a fallen tree frond, and then snow fell on top of it.

So then Park Maintenance removed the snow and the Recreation Dept removed the tree frond, and there the documents were.

Apples != Oranges

A little bit like leaving your belongings laying on the footpath outside your house, then having someone arrested for breaking and entering when they pick some of them up and walk off.

Fortunately

[Greyfox]

Having learned from previous mistakes, the agency had taken the precaution of encrypting the documents using an incomprehensible standard known as "French," so no one really paid it any mind.

They're french.

When has anyone accused the french of doing anything intelligent.

Re:Reasonable

[jklovanc]

From the article

UPDATE: Laurelli ended up admitting in testimony that when he found the documents, he traveled back to the homepage that they stemmed from and found an authentication page. This indicated that the documents were likely supposed to be protected. That admission played a part in his later conviction in the appeals court.

The hung out an "authorized persons only" sign but forgot to lock the door.

Re:Reasonable

[Golddess]

And if someone instead let me in, let me look around, take pictures, and it later turns out that person was your crazy ex who still had a working key to your house?

slow yer roll

Dude clicked on a search result. How do you tell by an URL alone that something is out of the public domain? Not exactly the same thing as leaving an open access point unprotected and downloading from somebodies computer.

Theft?

They say he "stole" the documents...

Um, sorry google, I apparently stole your search page today. Several times. Now I feel bad. Do you need it back?

Re:Reasonable

More like they hung out an "authorized persons only" sign on the front door, but forgot about the side door.

Not the end of the story

[manu0601]

In this case, the "hacked" agency was not willing to sue, because they were ashamed of having published documents by mistake.

The case happened anyway because the general attorney wanted it, despite he did not understand what it was about.

The case will now probably move to the Cour de Cassation or the Conseil d'Etat, which are both french supreme courts.

If you find an house with open door do you enter ?

Look I hate governemental abuse like everybody, but the fact is , if you find a house with open door, or an non working lock and you enter, you are still trespassing. Why do the hell some people on slashdot think this is not the same with a server, and then the next article try to say we don't need new law as existing law for physical items (mail/email comparison) are still good enough ? Well yadida, it is obviously that in such case trespassing law would be used.

Re:If you find an house with open door do you ente

[Revek]

Not the same thing. Not even close. Private dwellings on the internet are supposed to protected by some form of authentication.. Its a enormous library. If you want something kept secret don't be a luser and put it on the internet. I guarantee the root cause of this is some jackass who wanted to be able to access their data from home. He didn't go around url hacking, he used google. Its like they put it in the yellow pages and got pissed when someone saw it.

what a TERRIBLE analogy

[Camael]

In particular, if the door is unlocked, that doesn't mean you can walk into the building and take photocopies of everything you find there, then publish the documents.

This is a prime example of the misuse of analogies to try and equate things which are not the same.

How is clicking on an online link in any way similar to walking into a building? A building has walls purpose built to keep people out. In the case of this French website, what is your "wall"? And to stretch your faulty analogy further, if an area appears to be public land, are you not able to stroll around and take photographs?

Re:Reasonable

[Imrik]

More like they hung a sign, locked the door, and forgot to build the walls.

Govt. avg. IQ

Since medicine, technology, and businesses tend to attract the brightest people, sadly the leftovers end up in governments. Too bad they have so (too) much power over truly innocent people.

(my captcha is "insipid" - oh the irony...)

Not the full story (a.k.a RTF)

[EnempE]

He admitted in court that he had been to the front page of the site where they were hosted and was aware that the documents were not intended to be available to the public. Finding them by accident on Google is one thing and not the point of contention here. Then downloading all of them and then republishing them knowing full well that what you are doing is definitely unethical and probably illegal is another matter. The blogger runs a security company and should have informed the company of the fault before blogging about it. This is not the kind of practice that is considered acceptable in the security community. Given that it could be considered as a criminal offence in Europe to access the documents without the requisite authorization you can take the fine (no prison time, no criminal conviction) as not a bad outcome. The issue here is that the court had no idea about the the online environment or what crime online is before the trial which speaks to a definite problem in regards to the training of judicial staff.

Re:Not the full story (a.k.a RTF)

Sorry, but any real lawyer would tell you that no one can define or clearly state another person's intent, regardless of content / information.
Only the person who made the site can say what their *intent* was.

The problem here is that the judge totally failed, the law is the law and since no one can know anyone else's intent, cannot know if they were intended to be public or not, especially when all the evidence is to the contrary (google search results clearly showed links and could take you to that data).

That means it was public, pure, simple, cannot be debated in any way shape or manner.

The judge, the prosecuting attorneys, the entire legal system should be tossed into prison for falsely accusing, charging, and trying this individual repeatedly for a non offense. Then the keys should be lost, and their color coded prisonware should indicate they were the ones that charged and convicted many of their fellow inmates, and let justice ensue.

Re:Not the full story (a.k.a RTF)

[jwhitener]

So if he had simply stated that he believed the documents were intended for the public, and was searching for them using google, he would not have been fined?

Re: Not the full story (a.k.a RTF)

[EnempE]

For an act to be criminal it often is required that the person is aware that the act is illegal. It is not fair for a the courts to punish a person for breaking a law that doesn't reflect current social norms and is collectively forgotten. Those weird sex laws that you read about would be an example. In that case you could honestly state that you believed you were acting lawfully. That belief needs to be backed up by fact, your behavior should reflect your understanding. In this case, he would need to be able to refute the evidence presented by the prosecution. The had the log files from the server and his machine that showed he visited the front page that showed that the documents were restricted to those that had logged in. He could have maintained that he didn't understand that the particular files in question were restricted but it may have been unconvincing as he works in it security.

Broken lock analogy

Hi, I am French, form what I read, he was convicted because he admitted he knew the files were meant to be protected by a password.

He stumbled on the files doing a google search
But then, he went to the home page of the site portal and checked users were asked to login to access the site ....
Even though he found that anyone had access to the files using a url ...
Then he proceeded to get all the files he could from the site ... Without telling the site!
That's why he was convicted : He knew he was doing something wrong! And still did it ...

You see a building with a broken lock, you loot it?

Another view of this...

Disclaimer: IANAL

Just to be a little more complete on this topic, while interrogated by police, Olivier Laurelli recognized that when going up directory structure he found the login page of the site containing the documents and thus was aware that this site was intended to be protected (even if this protection was utterly flawed) before getting a copy of the documents. This knowledge made him fall under the French law regarding "fraudulently staying in an automated data processing system" ("se maintenir frauduleusement dans un système de traitement automatisé de données").

The other point regarding "theft of documents" is highly dubious though, because, as often in "hacking" cases, there is no real "theft" the original files being still on their server...

It will be up to the "cour de cassation" (higher French jurisdiction) to decide about this.
(or maybe even "European Court of Justice")

Legal explanation on this ( French) site http://www.maitre-eolas.fr/post/2014/02/07/NON%2C-on-ne-peut-pas-%C3%AAtre-condamn%C3%A9-pour-utiliser-Gougleu where the case is "dissected" by an attorney.

Yes.

It should be the case that the uploader is the guilty party.

Moreover, the French government put the documents up. That'd by like Warner Bro.s posting Harry Potter online, and then yelling when people downloaded it.

Re:Yes.

[l0n3s0m3phr34k]

like this? There's many other such instances of various companies doing exactly that. Personally, I feel that if the RIAA/ MPAA really wanted to fight their cyberbattle, they should be deploying fake torrents with system-wiping malware. Let's just go 100% shadowrun...MPAA can hire some runners in some "other nation" to build software that erases .avi, .mp*, erases your TCP/IP stack, then hoses your MBR on the HD. Within a month or so, they should see a serious drop in piracy. At the moment that is illegal, but they will never will such asynchronous warfare via the courts against downloaders (which I am one of).

The main reason I am a downloader instead of cable is I despise commercials. I don't dislike the idea of knowing about new products, but the manipulations of emotions on such a wide scale, with no regards to the affects of said manipulations have on our cultural psyche, just to get me to buy stuff...that's OK, I'd rather have an 1-2 hour delay in my watching and enjoy it without commercials. If there was a legal way to pay per-episode and just easily get my ,AVIs, I would as long as I didn't have to install some more special software. HEY HBO, GIVE ME MAGNET LINKS FOR .AVI's AND I'LL PAY YOU.

That's some cold shit right there.

[godxile]

If you first don't convict try try again.

Look in the mirror for answer to the problem...

What the fuck is it with autistic geeks, seriously?

You can't even be bothered to RTFA, but want to post your BS about it.

Your analogy is an epic fail!
He clicked on a google search results link for unrelated topics, and this turned up. He found the info interesting and used wget. He thought he was on a public site.

That is what happened, not an analogy.

A more accurate analogy:
The owners of the building stack the building contents out in the front lawn. Joe, walking past on the sidewalk, looks in the lawn and takes some pic's with his camera, thinking:'man, that's some wacky shit! Wonder what's going on? I know, post it online!' then getting arrested for taking the pic's, getting acquitted of any crimes, then another entity getting it moved in an appeal to a civil court, then Joe getting fined for it.

And Joe never left the sidewalk, just his bad luck to be walking down that sidewalk with a camera while the building contents where on the lawn that day.

Re:Why is anything accessable on the internet rega

[AHuxley]

It really depends on the legal system, part of the world, political and gov reaction to database/network entry in the 1980's to early 1990's.
Lots of countries had to drop cases due to that lack of any laws covering basic system entry and file transfer out of their system with logs been of little help.
So legal teams in many countries now face stiff new fines and very clear legal definitions regarding computer network access. The govs now have the experts, funding and political support to win.
Layer on legal systems that see the police spending time and cash looking into 'your' life as been something you have work your way out of legally - a legal system where you have to prove why your not guilty vs the gov having to show your guilty.

Re: stacked neatly in the public park

No no it's like the documents were in a park, and a bird used the paper to make a nest out them. Unfortunately the bird was an invasive species and so park rangers culled them and found the nest and removed it. Then the papers were taken back to the office where the secretary who was having an affair with the accounting guy typed them up thinking they were a report to the government on the office's productivity for the year. Meanwhile the wife of the accounts guy, who was s gold digging wench, came in and busted them. Wanting revenge, she took the documents, which were covered in bodily fluids because the secretary and accounts guy didn't clear the desk before their romp, and gave them to her lawyer.

Yea, that's pretty much how it is.

data protection act?

[PC_THE_GREAT]

Don't they have a form of data protection act whereby, one is legally enforced to keep private data secured?
How can one claim the guy gained access to the data illegally if you are posting the data?

Struggling with this

[Tailhook]

I'm finding it difficult to tie this to US policy somehow. Does anyone know how the US caused this? Was there some sort of US IP in the documents that were exposed?

I'd appreciate any help. Thanks.

Re:Struggling with this

[PRMan]

The guy isn't holed up in the Ecuadorean Embassy awaiting extradition to the US, so I don't think so.

Re:Reasonable

[Sabriel]

It's still a public-facing website, and his entry point was public. If you build a mall, provide multiple public-facing entrances, but only put a security guard on one of those entrances, it should NOT be a crime for someone to walk into your mall via one of the other entrances.

Also, he was convicted of "theft of documents and fraudulent retention of information." Theft? Fraud? WTF? Unless there's actual evidence of criminal intent, I agree with an earlier poster, they punished him because they were embarrassed, and they're the ones who've committed theft and fraud by taking money from him.

What if he linked to them?

[jader3rd]

What would have happened if he would have instead made a blog post and then linked to the documents? Would that still have been unethical?

Why not?

Around here we have at least 3 different levels of courts, I think 4 for some things. Both sides can appeal to higher court if they feel there was something wrong with the process of the lower court. The higher courts don't take cases simply on the grounds of " I think the verdict was wrong", they need some reason why the appealing side thinks the process went all wrong. It's not a bad system generally. Minor things will never get to appeals, unless the lower court judge was drunk or something. Also lower court judges can't just rule their friends free and then the friend becomes untouchable. Can't happen like that.

But Google was not fined?

[xiando]

> Google makes links available, is not charged or fined
> Guy clicks links on Google search engine, is fined
Am I the only one who has a problem with this "logic"?

He wasn’t fined for theft or fraudulent rete

But instead he was fined because although he knew that he souldn’t have been where he was (he confessed he was in a normally login/password protected intranet), then he remained there, took documents, and then tried to sell them to newspapers or other journalists.

Re:Reasonable

[jklovanc]

Due to the fact that he new about the authorization page he knew he he didn't ha authorization have the documents but copied them anyway that is theft.

Wrong analogy

The analogy with the open office is just stupid.
A server is not a physical place that you enter or leave.
If you search for an analogy with the people world, a server is more like a counter where you request documents and/or service. If the people serving at the counter deliver private document to honest people that did nothing to fool them, it's the responsability of the agency that put the counter into service.

BTW, it's not the agency which appealed. It's the government.

blatant copyright violation??

erhm.. with lack of a copyright statement, you are not able to republish, the copyright statement and license would GRANT you various rights, without it, you have none.

Re:blatant copyright violation??

[presidenteloco]

If you publish something, and don't indicate that you have restricted the right to copy it, I can legitimately assume that you are not intent on restricting the right to copy it. I can assume, if I wish, that you have put the item in the public domain, by publishing it without any notice of your intent.

If you later decide to exercise your legal ability to restrict copying, you can inform people of that, but that should carry no legal weight retroactively. If I republish before you have asserted that you are restricting, c'est la vie. If I republish after I should have known your intent to restrict, then I am at fault.

Re:Reasonable

[Sabriel]

Hmm. It's not clear to me from reading the article whether he knew before downloading them that he was not authorised. That said, I will grant that as soon as he did find out, he had a problem and should have acted accordingly.

Concerning the court's competence, I found this part disturbing:

Incredibly, although a lower criminal court ruled that Laurelli could not be penalized for accessing data that was not secure, the DCRI decided to appeal the decision. That's after ANSES, the organization from which the documents were “stolen” in the first place, decided not to pursue any civil action. Although the court documents are not yet available, French technology news site Numerama and the French-language version of Slate both quote a baffling scene from the first appeals-court hearing in December 2013, which Mediapart (paywalled link) attended. During those opening arguments, a presiding judge appeared unable to pronounce Google (saying “gogleu” instead) and demonstrated an ignorance of how logins occur. The prosecutor did not help this perception, saying at the hearing, "half the words I heard today, I did not even understand."

The appeals court acquitted Laurelli of fraudulently accessing an information system but saw fit to convict Bluetouff of theft of documents and fraudulent retention of information. The court wrote: "It is well demonstrated that he was conscious of his irregular retention in automated data processing, accessed where he downloaded protected evidence; and that investigations have shown that these data had been downloaded before being... disseminated to others; that it is, in any event, established that Olivier Laurelli made copies of computer files inaccessible to the public for personal use without the knowledge and against the will of its owner"

1. The first court ruled the Laurelli wasn't guilty. ANSES, the source of the documents, subsequently declined to pursue any civil action. Despite this, the DCRI appealed and pursued _anyway_, yet the prosecution didn't have a proper understanding of what they were prosecuting!

2. It was actually established by ANSES that those files (however inadvertently) were _accessible_, not inaccessible, to the public, so the court has rendered judgement directly contrary to the evidence presented by the same national agency from which the data was downloaded.

Intent

It is a question of intent.
Did the publisher *intend* the documentation to be private?
And did the reader understand that intention?

If he knew that the documents were supposed to be private, then it is a fault to reproduce it. Ethically, if nothing else. Downloading 7GB? Heh. He'd have to be pretty dumb to think that was intended.

Re:Intent

[presidenteloco]

Um. Google downloads exabytes and exabytes (in order to index it and provide searchable access to it). So by your logic Google is at fault because they download "a lot of material" from each site they can technically index?

You are talking about a country close to a polices

One thing western Europe has going for it is that you are a lot safer from the police there than in USA. The US police just take peoples belongings because they "suspect" that they have been used in a crime. This can happen even without a trial or a conviction. IMHO your bill of rights has no meaning as long as that persists.

And the most perverse side of this is that the police departments get the money they take so it can be used to finance salaries and equipment.

Re:You are talking about a country close to a poli

[ciderbrew]

They seize and retain property found on premises and persons in the UK too.

How embarrasing for French democracy

At one time, France was a shining example of social democracy. Now, it is beginning to acquire hints of american style neo-totalitarian heavy handedness.

Re:Reasonable

[Kjella]

More like he came in through an unlocked side door with no sign, thought "Uh is this for the public?" and left through the main door only to find that it needs a key to open from the outside and there's a sign saying "Authorized persons only". So far, a honest mistake on his part and not anything he could be blamed for. But when you go back in through the side door and start cleaning the place out, that's not a mistake anymore.

Re: Why is anything accessable on the internet reg

[coofercat]

Both wrong.

If the book contains obviously non-public information, then, as soon as you realise this, you're not allowed to read any further, and you're not allowed to re-publish any of it, and you should notify the home owner of the problem. This guy didn't do any of those things, even though he knew the files to be non-public, that's why they prosecuted him.

If he's downloaded a bunch of files, read them, and then told the agency that these files were publicly accessible and that he'd deleted the copies he had of them, he'd have been just fine. He knew they were non-public, but decided to make them public by republishing them. That's what made him a criminal.

One could argue that had he done the right thing, they'd have come after him anyway. That may be true, and one would hope that he'd be acquitted rather rapidly with the prosecution given a strong ticking off by the judge. I doubt it would be quite as happy and rosy as all that, but at least this guys would have had morality on his side.

Re:Why is anything accessable on the internet rega

[gsslay]

No, it is not someone's fault if they read it. But your analogy isn't quite accurate. This is not a case of someone stumbling over a link, and innocently reading a bit. He knew it wasn't supposed to be accessible, he knew it was a mistake, but he copied it and then re-published bits in his blog.

Yes, those that left it there unsecured screwed up and should answer for that. And maybe it should have been public knowledge, I don't know. But let's not pretend it was all done in innocence.

So this is more like finding a private journal in the street that has obviously been dropped by accident, photocopying it, and then publishing bits in the local paper.

Taking photos in public is illegal in France

What do you expect from France, the country which made taking photos of people in the street illegal? My name is Chrysanthi Lykousi and I'm an international street photographer, I was arrested in Paris for privacy violations as I was taking pictures of women walking in the street with their children and I had to pay their stupid fines and contact the American embassy to return to America. Frenchmen told me this privacy law which made photography a crime was passed after a politician wanted to stop the press from publishing an incriminating photo of him. France has really some of the most crazy laws, but if you get to learn the politics it quickly becomes clear that every crazy law was in fact written to protect the French elite and maintain corrupt hierarchies.

Re:Why is anything accessable on the internet rega

[PRMan]

In the USA? Yes. It's not against the law until you tell them it's trespassing at which point they need to leave immediately or they can be arrested and tried.

it's not just walking into a building

The story said he downloaded 7 GB of files, that's hardly just 'clicking on an online link'. He knew what he had.

Fine sounds legitimate

[neminem]

If you find somebody's front door is unlocked and you go inside just long enough to leave a note saying "you should really lock your door. I found it unlocked. I could have taken something", and the owners of the house find you and try to throw you in jail: that would be idiotic and wrong.

If, on the other hand, which it sounds like is more like what this guy did, you find somebody's front door is unlocked, go inside, and rifle through all their desk drawers looking for things they don't want you talking about, then posting what you find on the internet, you should get hit with something. You shouldn't get hit with a B&E charge, cause you weren't breaking anything, but you should get hit with *something*.

Protection Against This Sort of Thing

This should absolutely be appealed - copying freely available information is not theft. If the individual had actually accessed the machine, downloaded the files, and then deleted them from the machine perhaps that could be construed as theft. Is Google committing a crime by spidering the content? They found the content, read it, and indexed it - so how is that not identical to what Olivier did? If Google can't be prosecuted then neither can the blogger. The same thing applies in cases like what happened to Aaron Schwartz, or what Gary McKinnon had to go through.

Personally, I do this sort of thing all the time and will continue to do so. There are groups for us - open directory enthusiasts. Who knows what is out there?

Only in Socialist France

This is France. What do you expect?
They like to slap bloggers with fines, especially out of country once.

Analagous?

[bleckywelcky]

To be fair, whether you lock your door, don't lock your door, or leave your door wide open ... if someone steals your stuff, it is still considered theft. However, whether you lock, don't, or leave wide open might determine whether the act is considered breaking and entering. It appears that the person did nothing abnormal to access the documents though. So at best, it would appear his charges should be distribution of copyrighted materials, if the materials were copyrighted.

Just because my door is unlocked

Doesn't mean you should feel free to walk in and take my furniture.

He was fined for the crime he did commit. It should be obvious to anyone what was intended to be confidential.

Re:Reasonable

[jklovanc]

The issue is that while he was inside the first time he copied a lot of data and when he realized he was not supposed to be there he didn't destroy those copies but made even more copies and gave them away.

More Frog Shite

http://www.guillermito2.net/ar...

http://www.zdnet.com/harvard-u...

The evil bit

[TapeCutter]

Currently-assigned values are defined as follows:

0x0 If the bit is set to 0, the packet has no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is harmless, and SHOULD NOT take any defensive measures. (We note that this part of the spec is already implemented by many common desktop operating systems.)
0x1 If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc.

Hints:
Copyright is automatically granted at creation of a web page
Replace "evil" with "illegal content" in the above spec.