Slashdot Mirror


FBI Raids Dental Software Researcher Who Found Patient Records On Public Server (dailydot.com)

blottsie writes: Yet another security researcher is facing possible prosecution under the CFAA for accessing data on a publicly accessible server. The FBI on Tuesday raided Texas-based dental software security researcher Justin Shafer, who found the protected health records of 22,000 patients stored on an anonymous FTP. "This is a troubling development. I hope the government doesn't think that accessing unsecured files on a public FTP server counts as an unauthorized access under the CFAA," Orin Kerr, a George Washington University law professor and CFAA scholar, told the Daily Dot. "If that turns out to be the government's theory -- which we don't know yet, as we only have the warrant so far -- it will be a significant overreach that raises the same issues as were briefed but not resolved in [Andrew 'weev' Auernheimer's] case. I'll be watching this closely." It was also reported this week via The Intercept that a provision was snuck into the still-secret text of the Senate's annual intelligence authorization that would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy.

3 of 130 comments

  1. Say what? by msauve · Score: 5, Insightful

    How is anon FTP not authorized? I give my "name" (anonymous), and credentials (email address), and the system makes the decision to let me in, based on the configuration the sysadmin set. If that's not authorization, what is?

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re: Say what? by sjames · Score: 4, Insightful

      OTOH, an anon FTP server is a well known actual thing and has been for decades. A better question is if you walk past a tray of prepared food at the grocery store and it has a sign saying please take one, is it theft if you take one?

  2. The moral of the story by JustAnotherOldGuy · Score: 5, Insightful

    The moral of the story is that if you discover something like this, close your browser and tell no one.

    Reporting a vulnerability or data breach has come to mean that "you're some kind of criminal" and must be punished, regardless of the circumstances.

    --
    Just cruising through this digital world at 33 1/3 rpm...