Slashdot Mirror
19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca)
Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."
"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests." The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests." The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
...of criminal stupidity.
I'm from Luxembourg and my chamber of representatives used the same 'security system' (people can't possibly guess numbers) and was also breached, obviously, since this 'problem' is known since 1991 or so, when the worldwide web was invented.
Lets be clear, editing the address line is not hacking, not in any way, shape or form. A user name and password request and getting past that is. Editing your address line on your computer and the distant server allowing it, is a fault of that distant server. A request for access was made and it as legally given, the government is screwed and a penalty should be applied for false prosecution. Strictly their fuckup, they made that information publicly accesible without any restriction and they are fucking liars and fraudsters trying to pin their incompetance on someone else. It is not a crime to edit you address bar, it is strictly their fuck up that caused it. No user name, password request and your web site is public facing, that data is free to download, you just gave it away free from all encumbrances. No different to randomly running IP addresses to download what ever you want. No layer of security, no fucking crime, they are cunts blaming someone else for their incompetence and the victim should sue the crap out of them after this is over.
Chaos - everything, everywhere, everywhen
Some people just like to hoard data.
I am trying to understand what he did that was illegal?
He downloaded documents that the government posted on the internet, by simply "guessing" the URL, which incrementally increased from the URL that he was given by the government?
Yup, looks like a case of the government trying to offset blame to me!
It sounds as though he found information published on the web. If I had a book with a custom made index and I was not told that there were pages that were not indexed, is it unauthorised access to leaf it open it to one of them?
Yeah, sure. Blame the kid. Don't talk about how you fucked up your security so bad that even a kid can bypass it. No, focus on how you were done wrong.
Seriously, if a small kid can bypass your security, you deserve to be 'hacked'. No mercy for incompetence!
It doesn't have to be like this. All we need to do is make sure we keep talking.
It you put it on the internet, even if nothing is linking to it, you have granted everyone the right to look at it. This case is a total load of manure.
So instead of them covering up what a shoddy system they built, they are going to get dragged over the coals on public record when it all comes out in court.
Items placed on an open server without a login are made available for public download. Whether you meant to offer them for public download isn't relevant - you did.
He went to the server and asked politely, "Can I take one of these?" The server said, "Sure, here it is", and then tossed it to him.
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
If I seek information under 'Freedom of Information' legislation, I am getting data that the government holds about the world in general.
If I carry out a 'data access request', I am asking for the data that the government owns on me.
It appears that Nova Scotia operated a 'data access request' system that held the personal resulting from data access requests on a poorly protected server, which our guy proceeded to access. As such this isn't a freedom of information issue, though it will probably be used as such to allow governments to wind down their commitment to freedom of information.
Trudeau does not accept freedom, it might be offensive to someone.
L'Idiot
We appear to have a classic example of government ineptitude in an obscure part of Canada, where it will be very hard to find competent IT staff. We should not be surprised at the cockup...
When the IT department of the province goes to the assembly, it will be able to use this to demand a big rise in their budget. Hog heaven for top managers who can avoid the blame!!
he can use finger and whois to spy on the USA! The government cannot be incompetent, the citizen must be guilty. He dare mess with the CIA! Lock him up!
Oh, if he gets near a phone, he could whistle into it and start a nuclear war. I loved WarGames when I was a kid. Apparently government prosecutors thought a Hollywood fantasy was a documentary.
He has packrat written all over him. But downloading unprotected data is not criminal behavior. If these files should not be downloaded, don't put them on a server like that.
If he was backing up deleted 4Chan posts he may have bigger legal problems than 'hacking'!
Everything he allegedly stole would have been available on a number of search engines.
It gets really boring there in small town newfoundland... :(
[($)]
Except he did not walk in the door.
What he did is the equivalent of walking up to the public documents window (just dream that such a thing exists..) as saying 'could I please have the FOI request number 1' then saying 'could I please have the FOI request number 2'.... until he had 7000 of them.
The fault in that case, and quite obviously in this, would be in the person (or server) that GAVE HIM THE DOCUMENTS WITHOUT ANY ATTEMPT TO VERIFY THAT HE WAS AUTHORISED TO RECEIVE THEM.
Remember, he didnt falsify ANY information, he didnt impersonate anyone, he didnt do anything else but ask the server if it would kindly send him this document, which it did.
So, your position is that asking for a document is breaking the law? Oh dear.
It's basically like going to a library and pulling your book. And then there's another whole row of books right next to yours and you look at them that just so happens to be "FORBIDDEN KNOWLEDGE!@#!1111".
Items placed on an open server without a login are made available for public download. Whether you meant to offer them for public download isn't relevant - you did.
In which case this young man has absolutely nothing to worry about. OTOH, should your analysis not in fact reflect the legal reality ...
a web server should be treated legally like a phone book. If I look up information and it is there, publicly available, I can do as I wish with this information. If something shouldn't be publicly available, it shouldn't be in the phone book!
If I hack into the web server, I.E. log in with credentials that do not belong to me, or exploit a vulnerability to access information that is not public, than a crime may have occurred. But even in that case, if the security took five minutes to overcome on a Internet open server, the penalties should be trivial. If I break into a government building and gain physical access to a secure network, that is more severe.
The problem is that "hacking" means exactly zilch these days. Even in (US) law, where "computer hacking" is criminalised but not defined. So you could be indicted for, well, looking at a computer wrong under that law. Or, like here, for editing a URL.
Of course this is Canadian law. The actual accusation is "unauthorised use of a computer", which might mean anything at all, depending on the way the law was written. In the UK, by the by, someone did the old "../../.." trick "out of curiosity", and got slapped hard for that. So if that's already against the law, then changing a number might well be seen as more nefarious.
Anyhow, words matter. Calling this "hacking" is yet more sign that the computer security industrsy s'kiddies dropped the ball hard and now we're stuck with sensationalist bogeyman calling that ends up criminalising things that should not be criminalised.
If this were Facebook, this'd be called a breach on Facebook's part...or, in reality, outright negligence in a criminal way. He knowingly continued getting the information. I see that. BUT, that doesn't mean that there shouldn't be legal repercussions for the people in charge of those systems because of their negligence and outright incompetence.
Also, re. manually editing a link, how does one know that url isn’t linked to from elsewhere? Ie. it was published for all, and all you did was shortcut straight to it?
Comment removed based on user account deletion
ae911truth dot org
The problem is that here in Canada, we have stringent privacy laws. He's in the wrong because he got information that wasn't redacted as it was supposed to be by the law. The NS government itself is in breach of the privacy laws because they're not supposed to store personal information like this. Government agencies that handle this stuff have a PIO that scrubs information out for FOI requests. Likely, nothing will happen to him in the end or he'll be given a suspended sentence(meaning no criminal record after a year or two if he keeps his nose clean). The NS government though, now has a serious privacy breach problem and is in violation of not only provincial laws, but federal laws privacy laws. Which could lead to an awful lot of lawsuits.
Om, nomnomnom...
If your government is too stupid to secure their databases, you go to jail.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
# for I in $(seq 100000); do wget example.com/$I.html;done
It is highly illegal code and I should be getting 10 years for that, because that is basically what he did.
Don't fight for your country, if your country does not fight for you.
As an Atlantic Canadian this makes me unbelievably sad.
They just traumatized a family because the government was incompetent. Is this truly where we're going?
They fucking interrogated his 13 year old sister?! I mean the documentation was fucking public; THIS IS HOW THEY CHOOSE TO HANDLE THEIR INCOMPENTENCY?
PM is outright saying he stole sensitive information; 15 officers raided the house.
Atlantic Canada is a pretty quiet place, and there's already enough sketchiness about how the general population feels about our police force; they're really not helping their case. I swear if they (Gov. & police force, RCMP I presume) don't get any repercussions for this I'll be legitimately scared of continuing to live in this country. This is beyond fucking ridiculous. I mean 10 fucking years in prison??
Yeah; I'm fucking angry, sorry.
I tend to rant.
If you have ana doubt something may be illegal, it probably is. Better to be on the safe side.
...expect that people will find it. This is not hacking, this is shoddy practices by the people running the FOI site and they're blaming the public. Of course, it would require a modicum of technical understanding to not blame someone else.
---- The above post was generated by the Turing Institute. Maybe.
Ultimately it will probably come down the regular old "Hillary thing" of "intent", and judges or juries will make that determination. Did the alleged perpetrator "intend" to gain unauthorized access.
Table-ized A.I.
using the words "legal" and "reality" in the same sentence is normally considered evidence of severe mental problems. I suggest you attend a medical practitioner at the earliest opportunity.
Sent from my ASR33 using ASCII
It gets really boring there in small town newfoundland... :(
Halifax is in Nova Scotia, about 1000 miles away from "newfoundland"
"He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
I thought that only porn hoarders existed, but this guy was hoarding 4chan's shitposts.
So, there's this bakery and at the end of the day they give away the last few cakes for free (better than going to waste right)!
A man goes in, and seeing as it's a friend's birthday thinks they'll get one of the free cakes for their friend. After looking at the free cakes, sees one on another shelf with "happy birthday" written on it in icing - perfect they think - and asks the server if they can have that one.
Now, this is where the problem is, the cake was ordered and paid for by someone else, they just hadn't picked it up yet. The server, being new and improperly trained in the store's procedures has confused the "for pickup" counter, with the end of day freebies. So they give the man the cake.
In this scenario, the question is:
Has the person who asked for, and was given the cake stolen it?
Lets be clear, editing the address line is not hacking, not in any way, shape or form.
It is hacking if the government defines it to be hacking. Not disagreeing with you just pointing out that we're talking about the fact that the people who make the laws are the ones we're dealing with here. The scary bit is that they can define something quite innocuous to be against the law. Any time you go against the folks that make the rules things tend to get dicey for the defendant.
A request for access was made and it as legally given, the government is screwed and a penalty should be applied for false prosecution.
Again I don't disagree but do you really expect the government to admit fault like that?
The interesting question is when does it become "security" and therefore "hacking"? In all fairness it's not as easy a question as it might seem. Does ROT13 count as encryption and therefore security? It's certainly bad security to the point of being laughable but it will keep the technologically impaired out so it's clearly effective to a degree. And it's possible to pass laws where it could be a violation of the law to crack their system even if doing so is absurdly simple. (see DMCA for example) Where is the bright line that distinguishes bad security from no security from a legal standpoint? (from a technical standpoint they are identical)
He was using the site EXACTLY as it was intended to be used: ask the system to provide information associated with some number at the end. This was not exploiting some unintended consequence to make the system behave in an unusual or unforeseen manner. This was making the computer system act in EXACTLY the manner the developer(s) intended.
By that logic you could claim any penetration of a system was merely the system behaving exactly as intended because that was how the developer programmed it. I understand where you are going with your argument but it's perhaps a bit more fraught than you realize? After all, how are we as users to know what the developer intended and why should that even matter? It's an interesting question.
The real question here is when does the system cross the line from no security to bad security from a legal standpoint. Technologically there is no difference but legally their can be. Because that is the point where legally it goes from using a system to "hacking" a system in the negative legal sense. Something as simple as ROT13 could be considered intent to secure the system despite being laughably easy to bypass but you could still find yourself in a court room for bypassing it under certain laws.
If you can access a webpage without logging in, it is usually assumed that the page was meant to be available to the public.
Imagine if everything on the internet was accessible and it was up to the user to assume what they shouldn't have access to.
Instead of blaming the person that misconfigured the website, Canada is painting this kid as an uber haxor with 30TB of stolen data. They are trying to cover their own ass because the state itself is the party that jeopardized the privacy of all of the individuals it is claiming to be protecting. I wish the kid published a list of names of the people whose privacy was violated. Canada would have a class-action lawsuit on its hands if those people knew that the state jeopardized their privacy.
Canada will just say that it isn't their fault and the uber haxor is to blame.
So I live in Nova Scotia; i.e. this is happening in my backyard. This is absolutely about the provincial government trying to cover its a**. The mistake was discovered internally when a government employee did basically the same thing and accidentally put in a wrong URL... and instead of getting a 404 got documents that shouldn't have been public-facing (including docs with personal info, SINs and the like). Rather than owning up to the mistake and dealing with the consequences, the provincial government kept it quiet for 7 weeks, and are now using this kid as a scapegoat ("EVIL HACKERS, CLUTCH YOUR PEARLS!!!!"). It's absolutely disgusting, and I hope the court of public opinion judges them (the gov) harshly.
Did they spend on the cyber security for this web access?
Just because there isn't a hyperlink to the page with the document doesn't make the information private. If there wasn't security on the page/s in question they were public information regardless of what the government intended. The boy broke no laws. And no this is not like leaving your door unlocked and someone walking in to your house/car. It's more like I posted all of these documents on a public document pin board in the middle of the square but put a blank page over them so you couldn't read them without lifting the blank page. I would charge whoever designed the site (not the page coder but the person who decided not to invest in any security) with gross negligence.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Used the same URL tweaking method in my degenerate youth ... they weren't government documents though.
(Though doubtless accessed by many government officials ...)
The fact that Canada criminalizes the equivalent of picking up a lost document off the sidewalk proves it to be a repressive country. We already knew this when they criminalized calling a transsexxual the wrong gender. Canadians should elect better politicians to take their country back from the autocrats running it.
I'm confused... Shouldn't the freedom-of-information releases themselves be freely available to the general public?
In Soviet Washington the swamp drains you.
If a document is publicly available on the web, as these documents were, the reasonable assumption would be that they are public. If a website makes non public documents available publicly, the steps to fix it is to inform the website owner and request they stop, not persecute people that accessed the information. However, you cold kindly request that they delete the information...
He didn't steal it, the web server sent it to him upon request. I can go to McDonald's and request a free cheeseburger but they are prolly not gonna grant my request. I can go to the county clerk and request a document but they are not gonna give it to me unless I have the proper documentation. I can go to a hospital and request someones health history but unless I can prove I am indeed allowed to have access to it they are not gonna give it to me.
Why is this any different.
He made a request, the service granted his request.
If there is any legal issue here it is a privacy protection and security legality for which the governing body that hosts and/or provides the information is guilty of breaking.
Can we please stop with all the real world/digital world analogies? they all suck! and no one ever gets it right.
The two main issues here are
1. What is considered an intent to secure? do we consider any authentication algorithm an intent to secure? What is the minimum that someone must do to legally consider a server secure.
2. Was the law enforcement response appropriate? 15+ officers to raid a house? interrogating a 13 year old while not accompanied by a parent?
To me this sounds like the government and law enforcement over reacting and simultaneously trying to save face while making an example of the child for future possible "hackers". It should have taken no more than 4 officers to go through the house, confiscate any digital device (and find hidden hard drives with out tearing everything apart, its called a metal detector!). The truth is that someone who had no understanding of how the Internet works gave the go ahead for this server to be put on-line with the current procedure for retrieving information, that is the person who is guilty of breeching privacy laws and is just as guilty as the person who authorized the "raid"
Post the URL into a google search bar. Let google's search engines take the heat for downloading the content. Also, you get the files indexed for all the world to search.
What I want to know is that did he use a script to (or curl feature) download 7,000 documents or did he just edit the URL 6,999 times?
And where is he storing 30TB of data? Yes that is actually affordable (say 4 drives about $250 each) but who spends that kind of pocket money for something so nearly unusable?
Try doing a grep -r for some string on a mounted USB drive holding 1TB of data and see how long it takes. So what good is that?
Maybe he scrolls through all those documents one by one. For what. Anybody know?
Just what could he use all this crap for. What is wrong with his brain that he wasn't just downloading porn like every other kid?
How does it work?
Nova Scotia has been sliding towards facscism ever since Frank Metzger abandoned fine cuisine. The apocalypse began when Fat Frank's restaurant became recognized for hotdogs instead of seafood.
For God's sake Frank, please come back!
That is why folks you don't put IDs as urls for something like this.
Tired of my customary (Score:1)
The government is infinitely more negligent than the kid, given that 98% of what the kid did was legal, and the remaining 2% illegal because some government employee (and more likely, several employees) screwed-up. Also, if this happened in the USA, the kid's lawyer could first argue "authorization", in that if the data was available without a login, there's no authorization required, and now the cops are just lying to the court. The sad part is, there's no way the court will get this right, given the amount of hysterical overreach the government is now out to justify. At this point, the kid is just an obstacle to that end.
Intent matters:
"In order to break this law, you have to have done it with fraudulent intent," said David Fraser, a lawyer with McInnes Cooper in Halifax who specializes in technology and privacy laws.
"From everything that's being discussed about this, it's likely the person was likely trying to download content of public documents from a public internet site."
"Archivist"? A 19 year old.... archivist? What kind of bullshit made up term is...
The teen is estimated to have around 30 terabytes of online data on his hard drives
...Well alright then. I'm not even mad. Props to the archivist.
Right. I got the 10TB for 350. Now itâ(TM)s 310. So itâ(TM)s a grand of slow Hard drives. With totally useless data. Unless he was doing some NPL processing or classification stuff for school. And guessing urls is a crime? Isnâ(TM)t an entity supposed to implement reasonable security?
You could mistype a url and break the law. That wonâ(TM)t fly. Itâ(TM)s mishandling their classified? material to load it into that public website.
And just what do they think would happen?
What a stupid system.
No, that's a problem with the people who failed to do the redacting.
And tax payers are going to keep paying the government employees that failed to redact, their lawyers, the lawyers for the people filing the suits, and the damages to the people whose information wasn't redacted. Everybody walks away richer from this, except for the taxpayer.
Truer words have never been spoken.
He's not insane, people value and buy/sell archived data. Here is one of my own stories. Back in 2010 I did a complete reverse DNS scan on the Internet just for fun/curiosity. It came out to about 1TB of uncompressed data. A few years later someone found out that I had done that and wanted to buy a copy of the historical data from me for several hundred dollars. In hindsight, I probably could have charged more, but who knew what the market was on historical DNS data. The point is, data has value and the guy in Nova Scotia knows that. Like most things, the interest in the data and it's rarity and the longer you can preserve it, the more it could be worth. archive.org is in the business of archiving data. Sure, they rely on donations, but money is coming in.
It is very similar to take off pants, go to street, show naked ass to everybody and then charge everybody who see you.
From REST API development perspective, it is absolutely legal to use it if it is available.
REST API is just one of available means of providing end users with access to information.
If they did not enable security and any sort of authentication for accessing that data, it is their problems, not the problem of the user.
Did he extort anyone with this information? No? Then I think it's maybe 'malicious mischief' at best. Sentence the kid to community service and let it go at that.
what about self service soda fountains?
Most places with them have free refills and most casinos they are 100% free.
But let's say some places wants to be greedy and says no free refills then they have to post in way that it's not hidden or move to place where you need have some person working there to get it for you.
We love our freedom of information here in Canada, and governments resent it. As an example from just days ago, have a look at http://www.cbc.ca/news/politics/rcmp-access-information-money-laundering-legault-dagg-delay-extension-1.4616137 to see what a government letter explaining that they need to delay an information request for 80 years looks like.
Nothing like having your house raided for accessing freedom of information related information.
Data hoarders, like me, collect it for the fun of collecting. It's no different from people who collect stamps, or tacky plaster statues. The fun is in acquiring the data and finding the best way to store, sort and manage it.
and violation of TOS is not a crime much less one where you can be facing hard time.
To bad that jury trial is not an right in canada for all crimes. In the usa just having the jury have to read an full 100+ page TOS may push them to vote non guilty just to get it over.
That is all
If an ATM starts spitting money at you, or gives you more money then you requested can you legally keep it?
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
His bedroom is upstairs. That's where police found him sleeping when 15 officers raided the family home last Wednesday morning.
Man, these fucking overkill police raids really tests my general support of law enforcement. A goddamn raid for a non-violent computer crime?
"They rifled through everything. They turned over mattresses, they took drawers and emptied out drawers, they went through personal papers, pictures," she said. "It was totally devastating and traumatic."
She says police seized her son's computers, plus her husband's cellphone and work computers, which has left him unable to do his job.
They also seized her younger son's desktop computer, after he was arrested on the street walking to high school.
Officers took her 13-year-old daughter to question her in a police car.
"My little ones are asking, 'Will I be able to get a job because we were arrested?'" she said.
fuck 'em
If the documents were public-facing, what law did he break? I'm honestly confused, and I hope this goes up the chain of government to be sorted out.
This happened in the US already and the tech community should not have forgotten already (I can't browse low anymore, too depressing, apologies if I missed someone else mentioning him). If you don't know the story, spend 10 minutes of light searching/reading or watch the documentary "The Internet's Own Boy" to get an idea.
The fact that we're going down the same path up here in Canada scares me, and I hope a similar outcome doesn't befall this person, we don't benefit from information being locked up and drip fed to us only IF we can pay.
*Posted as AC because in close to 20 years of reading /. I hadn't felt the overwhelming need to wade in on anything. Young and unsure of self way back then, but now mainly find that the comments section is being overwhelmed by vitriol, personal attacks instead of rebuttals and pure trolling (this unverifiable anecdote brought to you by anxious worrying about AC status being more important than the content)
zah
To see anybody defending the government here is the worst thing ever. And besides that, we allow too much secrecy. I hope more kids do more things like this, but cover their tracks better. That is the lesson to learn here. This is one way of protecting ourselves from the authoritarian (fascist) majority.
First what he did is in no way shape or form of "Hacking". I'm sorry, but even the most unknowledgeable judge or jury is going to raise a serious eyebrow when the prosecution tries to argue that the changing of a public facing URL equates to "unauthorized use of a computer" i.e. Hacking.
Second the government of NS literally did the stupidest most ill advised thing I can think of by raiding and chaging the guy.
About the only thing actually criminal here is the breach of personal information by the NS government who has a responsibility to reasonably safeguard said information within their custody. I'm pretty sure what this kid did pretty much says that they were negligent in that regard. So instead of quietly fixing the issue, and dealing with the kid about the data loss, they now just made it a public news spectacle.
About the only thing I see here is charges being dropped, and a lot of embarrassment for NS and possible legal action, not only by the kid, but by those impacted by the FOI breach.
However... that is all based on the content of the new article, which is a bit light on some information... Which may have an impact.
i.e. How was he caught? Were there some super cyber security watchdogs monitoring website activity and noting that the same IP address was seeming to access an awful lot of stuff? I seriously doubt it. Or did he like most folks that get caught for this kind of stuff bragging around chat groups etc... that happened to be monitored regularly by police... As that would sort of invalidate his innocent tale... If I had to guess, some peon in IT realized that there was a potential vulnerability in their POS FOI portal, was looking into fixing the oversight, and decided just in case to check the logs (well after the fact), saw a lot more activity than might be reasonable, looked a bit deeper, saw most the activity from one source (oh shit), and reported it starting the whole cascading snowball, but I bet management didn't ask the peon "how" (or them being the one who designed it, wasn't eager to share that information). I guess what I am getting at is the most likely event being the only way they would have caught the guy (apart from bragging), would be prior knowledge that their system wasn't secure at all in the first place which would sort of invalidate their charges. About all they have is reasonable intent (i.e. did he know what he was accessing was prohibited?), which sounds like they would have a pretty hard time to prove...
We denounce them as heretics and put them in prison. (We can't burn them at the stake anymore)
And behavior that makes the mainstream uncomfortable is to be punished as if it were equivalent to the actions of a criminal with ill intent.
“Common sense is not so common.” — Voltaire
First what he did is in no way shape or form of "Hacking".
It is a type of hacking, even though it is seemingly trivial. Unless of course you have an elitist definition of hacking in order to bolster your own ego.
I blame the IT staff and security auditors that the government hires. The information on the site was wide open and the "non-authorized access" charge falls flat. We could run an experiment with a room of 10 year olds and one of them would figure out the same flaws. Blame the adults who have collected paychecks and built systems that probably can't even keep a curious child out.
That said, maybe this young man's obsession with archiving is something he needs to reexamine and perhaps seek professional help if he feels a compulsion to continue with the behavior. I don't consider the behavior to be dangerous or illegal. But I don't think any kind of obsession is healthy.
what is the url?
archive.org ??
Why does a country with such a small, relatively homogeneous population need such a huge intrusive government?
I have the same question about Australia.
just did the same to this site.. except able to pull California license plates
http://photos.ticketproweb.com/?cit=52048143
There should be a disclaimer or a link to one and additionally a copyright to make it illegal. Otherwise, we can hold all search engines and bots accounable to the same law?
Seriously, archiving stuff from reddit and 4chan, 4chan in particular, is asking for a world of hurt.
If he is actively archiving 4chan threads AND not destroying the content of posts that were deleted by moderators in a thread, he's virtually guaranteed to have some sort of illegal picture.
Thus, he will get vanned. They will use this as a fig leaf of an excuse to peruse the archives, then it's game over.
This is /. We do car analogies here.
It is like going to a used car lot and sitting in each car in the row, and then being arrested because half of them belonged to customers.
refactor the law, its bloated, confusing and unmaintainable.
"Because he can" used to be a valid enough answer. There are plenty of people who are hoarders. There are tv shows dedicated to them. He just hoards data. And why? Well, why not?
I know a person who tries to download as much software as possible and sorts them in directories. These are all programs that he never ever uses and most he has no idea what they do. Why? Because he likes to do it.
Other people collect stamps. Just as silly.
Don't fight for your country, if your country does not fight for you.
How is it there are so many government names/agencies with blatantly Orwellian names(every government, worldwide) and barely anyone makes a peep about them?
Freedom of Information - arrested for getting information from here.
Internet Freedom Act - lets ISPs charge and block as they wish, limiting access to specific information.
Right to work act - can now be fired without any reason or cause.
Right to farm act - monsanto can now sue you if their seeds blow into your small farm crops and you harvest them for sale.
Generally, things are pretty good in Canada, compared to most places. But public servant caught it being flagrantly incompetent, as in this example, too often try to blame the person who discovered the mistake. At the same time, the kid can be said you be authorised to view his own documents / information, but not authorised to view anyone else's. If this was explicit in any terms & conditions, then the kid is guilty. If you discover someone's house isn't locked, it's still stealing to go inside and take stuff.
Only boring people are ever bored.
The correct outcome is that they 1) let the kid go free and compensate him & his family for wronging them, and 2) they fire & prosecute the system administrators for misclassifying and failing to secure private information.
The government knew about the security issue long before the kid hacked in and is in full cover-ass mode. Our current provincial government is horrible beyond belief.
A GoFundMe has been set up to pay for the legal defense, and an expert lawyer has been retained.
Please consider donating. The kid isn't without fault, but he's being railroaded by the local government.
https://www.gofundme.com/ns-te...
..don't panic
A GoFundMe has been set up to pay for the legal defense, and a expert lawyer has been retained.
Please consider donating. The kid isn't without fault, but he's being railroaded by the local government.
https://www.gofundme.com/ns-te...
..don't panic
Seems like things went to pot with that Rob Ford ( https://en.wikipedia.org/wiki/...) guy that was the butt of Jay Leno jokes.
Now it seems like they're in the news almost daily for dumb law enforcement on dumb laws.
The heavy hand of government strikes down a teenager for downloading information that was previously released to someone requesting it. Remember the word Nazi stands for National Socialist. Canada is more socialist than the US, but we are headed in that same direction by attacking speech that is not politically correct, which means it does not agree with the views of liberals. There is always some statute that can be interpreted to charge somebody out of favor. In the old days, in some parts of the country an issue was "driving while black" or something similar which could lead to arrests. These days, it's just about any conservative speech. Frankly, this kid did everyone a service by exposing a data breach. It's certainly not his fault the information was readily available.
And I feel stupider for having read it.