19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca)

← Back to Stories (view on slashdot.org)

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca)

Posted by BeauHD on Monday April 16, 2018 @07:00PM from the extracurricular-activities dept.

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests." The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."

56 of 422 comments (clear)

Min score:

Reason:

Sort:

Government guilty! by nospam007 · 2018-04-16 19:00 · Score: 5, Informative

...of criminal stupidity.
I'm from Luxembourg and my chamber of representatives used the same 'security system' (people can't possibly guess numbers) and was also breached, obviously, since this 'problem' is known since 1991 or so, when the worldwide web was invented.
1. Re:Government guilty! by Bobrick · 2018-04-16 19:02 · Score: 3, Funny
  
  Who would've thought that request #252 would follow #251 ?
2. Re:Government guilty! by houghi · 2018-04-16 21:57 · Score: 3, Informative
  
  #/bin/bash
  for I in $(cat 1000000)
  do
  wget example.com/$I.html
  done
  HACK THE PLANET!
  
  --
  Don't fight for your country, if your country does not fight for you.
3. Re:Government guilty! by Anonymous Coward · 2018-04-17 00:59 · Score: 5, Insightful
  
  "The kid was criminally stupid in not reporting the vulnerability through the responsible disclosure contact"
  Neither he, you nor I are under any such obligation and how he accessed the data was neither vulnerability nor crime.
  "The kid was criminally stupid in archiving the data instead of working towards fixing the problem"
  The problem is not his to "fix" and archiving the data is not a crime which could have been done by any number of spiders and bots incl The Wayback Machine.
  Stop being an apologist for the criminally stupid authorities and their heavyhanded overreach
4. Re:Government guilty! by bluefoxlucid · 2018-04-17 01:02 · Score: 2
  
  Why is this criminal and not civil? What economic damages are there to reclaim in said civil suit?
  Ah. No standing. Case dismissed!
  
  --
  Support my political activism on Patreon.
5. Re:Government guilty! by mjwx · 2018-04-17 01:14 · Score: 4, Interesting
  
  ...of criminal stupidity.
  I'm from Luxembourg and my chamber of representatives used the same 'security system' (people can't possibly guess numbers) and was also breached, obviously, since this 'problem' is known since 1991 or so, when the worldwide web was invented.
  Yes, Data Protection Acts like the EU GDPR are there to ensure that PII (Personally Identifiable Information) aren't released publicly. However this doesn't mean it wont accidentally be or cant be released. The Canadian govt was silly to let this information to be released under FOI requests (I work with FOI requests in the UK, you're supposed to ensure any PII stripped out, GDPR/DPA trumps FOI and there are strict penalties for non-compliance) but if that fails that doesn't give you carte blanche to copy it, data protection laws still apply.
  
  However I'm going to make a prediction that wont be popular with the /. Mah Freeedums nutters but it will be more accurate, this will go to court, the Canadian will explain why he was doing what he was doing and the judge will order him to delete the records that contain PII and that will be the end of it. No jail, no fines, just a Canadian judge ordering a Canadian to adhere to the Canadian laws. chances are the guy didn't even know that the PII was there before he started.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
6. Re:Government guilty! by suso · 2018-04-17 01:21 · Score: 5, Insightful
  
  That's great, but you can also just do this with curl
  curl example.com/[1-1000000].html
  The range functionality is built right into curl. In fact it's even in the opening examples of the man page.
7. Re:Government guilty! by JMJimmy · 2018-04-17 01:35 · Score: 4, Informative
  
  This case will be dismissed if it ever makes it that far. The law they charged him under does not cover accessing public facing documents.
8. Re:Government guilty! by Anonymous Coward · 2018-04-17 01:51 · Score: 5, Interesting
  
  The government was in breach of PIPEDA, though I'm not a lawyer, so I don't know if the law applies to them. The documents are called "Freedom of Information" requests. If you find one through the search function, you can download it. A reasonable person would have concluded this was public information. The documents being numbered sequentially does reinforce this impression.
  There was no obvious way for him to know that some of the "Freedom of Information" requests were intended to be restricted. You can't report something you don't know is wrong. Nobody wants to be the collateral damage from some larger party externalizing its incompetence or laziness. This is that, and it's wrong.
9. Re:Government guilty! by gmack · 2018-04-17 01:53 · Score: 5, Informative
  
  The kid was has been quoted as saying he thought that the records were public and he didn't know he wasn't supposed to be able to do that.
10. Re:Government guilty! by Type44Q · 2018-04-17 01:58 · Score: 4, Interesting
  
  The kid was criminally stupid in archiving the data instead of working towards fixing the problem
  This tripe got modded to 5?! fixing the problem wasn't his responsibility and while his actions might've been distasteful, thinking them to be "criminal" either requires:
  A) A complete lack of understanding of digital communications, or...
  B) You to be a gov't shill, or...C) An utter fucking moron.
11. Re:Government guilty! by azcoyote · 2018-04-17 02:23 · Score: 5, Funny
  
  ... In fact it's even in the opening examples of the man page.
  That's exactly why we need more women in tech!
  
  --
  Incipiamus, fratres, servire Domino Deo, quia hucusque vix vel parum in nullo profecimus.
12. Re:Government guilty! by suso · 2018-04-17 02:50 · Score: 4, Informative
  
  I agree, but man pages have nothing to do with gender. It's called a man page because it's short for manual. The command was called man most likely because so many commands were shortened back then to 2 or 3 letters. There were a few women working on Unix at Bell labs in the 70s, one was Lorinda Cherry and among other things she helped write programs like the 'bc' and 'dc' commands.
13. Re:Government guilty! by Anonymous Coward · 2018-04-17 03:17 · Score: 5, Insightful
  
  The kid was has been quoted as saying he thought that the records were public and he didn't know he wasn't supposed to be able to do that.
  By any measure these files were public. They were published online with a URL without any access control system. The question is whether they should have been made public or not. And apparently the government unintentionally published just 250 documents that contained information that was somehow privileged in the batch of 7000.
  So 96.4% of the documents were supposed to be available to the public.
  Any reasonable person would have looked at a freedom of information website and assume that the published documents were intended to be public as the vast majority of the documents were. The government made a mistake, overreached and is at fault for putting this person through this ordeal. Charges should be dropped with apology.
14. Re:Government guilty! by fredrated · 2018-04-17 03:45 · Score: 2
  
  I err on the side of ignorance.
  Then you will never fail.
15. Re:Government guilty! by o_ferguson · 2018-04-17 04:26 · Score: 3, Insightful
  
  However "Responsible Disclosure" only applies when you actually find a vulnerability. This was not a vulnerability. It was coded to work that way, and it did. He didn't break anything, and hence there was no break for him to report.
  
  --
  - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
16. Re:Government guilty! by o_ferguson · 2018-04-17 04:28 · Score: 2
  
  Yeah but he didn't break the law.
  
  --
  - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
17. Re:Government guilty! by beernutz · 2018-04-17 04:37 · Score: 3, Insightful
  
  Again, you wrote this line verbatim with the verbiage "Criminally" right in it. This might lead someone to think you considered his actions to be... well... "Criminal"
  
  The kid was criminally stupid in archiving the data instead of working towards fixing the problem
  
  --
  (stolen from DaBum) I am dyslexia of borg - your ass will be laminated.
18. Re:Government guilty! by q4Fry · 2018-04-17 05:06 · Score: 5, Funny
  
  I agree, but man pages have nothing to do with gender. It's called a man page because it's short for manual. The command was called man most likely because so many commands were shortened back then to 2 or 3 letters.
  Is this an example of "man splaining" ?
19. Re:Government guilty! by hoggoth · 2018-04-17 05:43 · Score: 2
  
  You must be a blast at parties
  
  --
  - For the complete works of Shakespeare: cat /dev/random (may take some time)
20. Re:Government guilty! by o_ferguson · 2018-04-17 06:29 · Score: 2
  
  This is a Canadian case. The Queen is presupposed to be free of error. Those aren't bugs. They're undocumented features. Citizens are not to be punished for making use of undocumented features unless they are specifically endangering the Queen's Peace (don't fight me on this I'm an oathed-in Queen's Peace Officer.) I wouldn't have arrested this guy, though, unless he was specifically doing something with that information that is specifically illegal. What he did isn't quite there yet, and should be recognized as such.
  
  --
  - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
21. Re: Government guilty! by eaglesrule · 2018-04-17 10:14 · Score: 2
  
  This is what I think is more likely.
  Suit#1: Someone found a design flaw in the public documents portal that makes us look completely incompetent, and downloaded our data.
  Suit#2: Who?
  Suit#1: Some kid, who happens to be Canadian.
  Suit#2: Well, he's within our reach then. So let's make an example of him, instead of the usual cover up. Let's put on a show by raiding his home with a battalion of officers, and drag him to court under trumped up charges. We'll exaggerate the crime so much that we don't appear to be at fault.
  Suit#1: Hmm. We can call him a hacker and use broadly defined and poorly written statutes to paint him as a criminal. We'll look like we're being tough on crime while sending a message not to screw with us.
  Suit#2: Exactly. What could go wrong.
22. Re:Government guilty! by Reziac · 2018-04-18 04:12 · Score: 2
  
  And as everyone knows, women don't come with manuals.
  
  --
  ~REZ~ #43301. Who'd fake being me anyway?
Edit Address Line Is Not Hacking by rtb61 · 2018-04-16 19:08 · Score: 5, Insightful

Lets be clear, editing the address line is not hacking, not in any way, shape or form. A user name and password request and getting past that is. Editing your address line on your computer and the distant server allowing it, is a fault of that distant server. A request for access was made and it as legally given, the government is screwed and a penalty should be applied for false prosecution. Strictly their fuckup, they made that information publicly accesible without any restriction and they are fucking liars and fraudsters trying to pin their incompetance on someone else. It is not a crime to edit you address bar, it is strictly their fuck up that caused it. No user name, password request and your web site is public facing, that data is free to download, you just gave it away free from all encumbrances. No different to randomly running IP addresses to download what ever you want. No layer of security, no fucking crime, they are cunts blaming someone else for their incompetence and the victim should sue the crap out of them after this is over.

--
Chaos - everything, everywhere, everywhen
1. Re:Edit Address Line Is Not Hacking by DNS-and-BIND · 2018-04-16 19:22 · Score: 3, Informative
  
  You entirely miss the point. If this was a government fuckup, then someone in government is responsible. Someone senior, whose job it was to make sure these things don't happen. Someone who was given an adequate amount of money for the task. There might need to be an audit to see how this money was spent, and this must never be allowed to happen.
  If this is classed as a security breach, this official's career (and everyone's career she has a mentor relationship with) is in danger. However, if it was a dirty hacker, then everyone can breathe easy: the excellent system we built was victimized. Prosecute, slap him in jail, and relax. Crisis averted. Nobody need be reassigned or demoted.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
2. Re:Edit Address Line Is Not Hacking by Anonymous Coward · 2018-04-16 19:27 · Score: 5, Insightful
  
  No layer of security, no fucking crime
  My leaving my front door unlocked does not mean you aren't guilty if breaking and entering if you open the door, walk in, and take something that isn't yours.
  Idiot.
  Web servers do not work that way.
  You don't go into the web server and take something. The web server sends it to you.
  The more apt analogy would be that I asked for something I didn't own and you mail it to me. It can't be stolen since you honored the request to send it to me.
  What are you going to compare it to next? rape? Someone getting unsecured files from a server is like raping you in the ass?
3. Re:Edit Address Line Is Not Hacking by TheReaperD · 2018-04-16 19:49 · Score: 4, Insightful
  
  I think the door analogy would go something like this: I go into a public government building and the information I need is in open door A and then I see open doors B, C, D, E, etc and go "huh, I wonder what's behind this open door in a public building (with no warning/forbidden signs) and then someone tries to arrest me for breaking and entering.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
4. Re:Edit Address Line Is Not Hacking by TheReaperD · 2018-04-16 19:56 · Score: 2
  
  Except, there was no authentication required and no attempt to scramble the addresses on a public facing server. Therefore, the data was open for public viewing and likely indexed on Google if anyone wanted to do a search. Yes, the government didn't intend for it to be public view but, that's their fuckup. It's time to stop trying to prosecute people for other people's mistakes because "we're the government."
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
5. Re:Edit Address Line Is Not Hacking by famebait · 2018-04-16 20:03 · Score: 2, Insightful
  
  Your analogy is broken in so many ways I don't know where to start.
  Here's a better one:
  You display a public anoncement by scribbling it on the top sheet of a flipover pad you have lying around.
  You nail the whole thing to your wall, and don't even try to secure the bottom corners.
  A passer-by peeks at the next sheet.
  No crime.
  Move along.
  
  --
  sudo ergo sum
6. Re:Edit Address Line Is Not Hacking by jargonburn · 2018-04-16 20:03 · Score: 5, Insightful
  
  This is more like having a public reference book in a library, where you've been directed to page #1577 for the information you were seeking. You check and it's there. Cool. Then, you decide you're curious to read what's on the other pages.
7. Re:Edit Address Line Is Not Hacking by JaredOfEuropa · 2018-04-16 20:13 · Score: 2
  
  Exactly. In real life it is pretty much always clear whether we are dealing with a store or a private home, and we are expected to act accordingly. When online, things are not so clear; on many web services it's perfectly fine to manually enter a document ID at the end of a URL.
  
  The law over here states that 'unauthorized use of a computer' means that one knowingly accesses a computer system without permission, and that means that in many cases (such as on a public web service) privileged information has to be marked as such explicitly with a notice, or implicitly by protecting it with a login screen. I doubt this kid would even get a conviction here; even if it is shown that he should have reasonably known that the information wasn't public, he'd still get off very lightly (small fine or community service which might be suspended) since the information wasn't protected in any way, and no harm was done otherwise.
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
8. Re:Edit Address Line Is Not Hacking by Anonymous Coward · 2018-04-16 21:12 · Score: 2, Insightful
  
  And then only if the contract doesn't contradict the law. For example if a TOS says you have to give them your first born, that doesn't mean they can make you do that.
9. Re:Edit Address Line Is Not Hacking by drinkypoo · 2018-04-16 21:52 · Score: 2
  
  Of course it's hacking. It's using software in a way in which it was not intended for your own purposes, what else do you call it? What it isn't is cracking. He didn't defeat any protection, because there was no protection. It's the difference between trespass, and breaking and entering. In the first, you're just someplace you're not supposed to be. In the second, you defeated a protection device to get there. This is equivalent to trespass, not B&E.
  The appropriate harshness of the punishment is a separate issue. No harm, no foul. Small harm, small foul. Big harm, big foul. This seems to fall into one of the two categories.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
10. Re:Edit Address Line Is Not Hacking by Anonymous Coward · 2018-04-16 22:26 · Score: 5, Insightful
  
  What a pile of shite.
  As one of the ACs in the thread above pointed out this is the wrong analogy. The server authorized the request and sent the data. A more accurate analogy would be: "I go into a public government building and ask the clerk for document #252, he says sure and hands it over. I then ask him for every other number that I can think of and he keeps saying sure, and handing them over". Your attempt at an analogy removes agency, but the web server server was configured to make the information publically available.
11. Re:Edit Address Line Is Not Hacking by edtice1559 · 2018-04-17 01:07 · Score: 2
  
  We've seen people get in trouble for reporting this mistake. At least when it comes to security lapses (Not really an apt term here since there was no security to begin with), the safe thing to do is just to walk away. I would never report a security defect unless I had a written contract to be doing penetration testing. You could argue that's not very social or responsible but I'm not taking any personal risk to help some other negligent entity who may come back and sue or prosecute me for it.
12. Re:Edit Address Line Is Not Hacking by AmiMoJo · 2018-04-17 01:12 · Score: 2, Insightful
  
  Actually yes, if you discovered such a flaw and exploited it to get lots of free coke, you likely would be prosecuted for theft.
  You know, like how fraud is still fraud even if the victim agreed to it.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
13. Re:Edit Address Line Is Not Hacking by fuzznutz · 2018-04-17 02:14 · Score: 3, Informative
  
  Except, here in Belgium it is also illegal to leave your car behind unlocked.
  Yes, misuse should be punished, but negligence as well...
  And in my state it is illegal to start your car and let it warm up in the driveway unless you sit inside it. It can be -20F and covered in ice, but you can be fined for "puffing" your car. Just because something is illegal, doesn't mean it should be illegal.
14. Re:Edit Address Line Is Not Hacking by anegg · 2018-04-17 02:37 · Score: 4, Insightful
  
  Am I hacking the system if I use my remote control to sequentially access channels on my DirecTV system instead of using the DirecTV directory?
  Am I hacking the system if I conduct a (legitimate) telephone survey by progressing through the phone numbers for a given area code/prefix sequentially instead of using a telephone directory organized by name that translates to a telephone number?
  Am I hacking the system if I go trick-or-treating by house number up and down the block instead of using the HOA directory to find people in my neighborhood by name then go to their their address?
  The individual in question didn't evade any controls on the access to the information. He scanned the information that was made freely available by sequentially stepping through the information addresses rather than going through a central directory. The idea that the mere existence of a central directory makes it illegal to scan publicly available addresses directly to access unsecured information is ridiculous. The URL address system is a well-known public interface for accessing information. If the URL address system contains an obvious regular pattern, it is well within reasonable expectations that a) individuals will notice this regular pattern, and b) use the regular pattern to optimize their access to the information. The fact that every single web browser exposes the URL and allows direct manipulation of the URL suggests that URLs are not only capable of being used in this way, but that the original protocol designers and implementors intended for it to be used in this way.
15. Re:Edit Address Line Is Not Hacking by ooloorie · 2018-04-17 03:49 · Score: 2
  
  My leaving my front door unlocked does not mean you aren't guilty if breaking and entering if you open the door, walk in, and take something that isn't yours.
  But if you are a public government office and the front door is unlocked, people may assume that they are free to enter. And if you then have documents sitting there right on a table that says "public information" when people come in, people may assume that they can read them.
  Now, how about a car analogy?
16. Re: Edit Address Line Is Not Hacking by Monster_user · 2018-04-17 05:04 · Score: 2
  
  This needs an upvote.
  
  No security does not mean no crime, but it also does not indicate that a crime occured.
  
  How can one break a law which does not exist? For a law to be broken there has to be some indicator of an attempt to bypass restrictions. Accessing publicly available information in accordance with previous means supplied (the URL), does not indicate an attempt to bypass or circumvent restrictions. The situation here would be like saying finding a library book by using its letter of the alphabet and classification instead of requesting assistance from the Librarian.
17. Re:Edit Address Line Is Not Hacking by houghi · 2018-04-18 00:55 · Score: 2
  
  I understand. I once reported child porn and the police then tried to threaten me with, fraud (Giving a false address at a free email company), obstruction of the law (Informed the newspaper after 2 weeks, because the site was still up. They never even replied they where looking into it, because their email was broken) and spreading of child porn (because I _replied_ to a Usenet posting in an abuse group with the URL intact.)
  Never seen anything illegal since then. Nothing. Not ever.
  
  --
  Don't fight for your country, if your country does not fight for you.
Wow, I see a huge countersuit coming... by cyn1c77 · 2018-04-16 19:14 · Score: 5, Insightful

I am trying to understand what he did that was illegal?
He downloaded documents that the government posted on the internet, by simply "guessing" the URL, which incrementally increased from the URL that he was given by the government?
Yup, looks like a case of the government trying to offset blame to me!
Blame the kid! by Aethedor · 2018-04-16 19:20 · Score: 2

Yeah, sure. Blame the kid. Don't talk about how you fucked up your security so bad that even a kid can bypass it. No, focus on how you were done wrong.
Seriously, if a small kid can bypass your security, you deserve to be 'hacked'. No mercy for incompetence!

--
It doesn't have to be like this. All we need to do is make sure we keep talking.
1. Re:Blame the kid! by gizmod · 2018-04-16 20:21 · Score: 2
  
  There is no security! Zero authentication is done to access those pages. Any person on the planet can access that information. I bet googles spider bots have crawled and cached that entire dataset long ago allready as well. Sue google next?
They forgot to take the 'take one free' sign down. by robbak · 2018-04-16 19:34 · Score: 4, Insightful

Items placed on an open server without a login are made available for public download. Whether you meant to offer them for public download isn't relevant - you did.
He went to the server and asked politely, "Can I take one of these?" The server said, "Sure, here it is", and then tossed it to him.

--
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
He did no Hacking. by thesupraman · 2018-04-16 20:14 · Score: 2

Except he did not walk in the door.
What he did is the equivalent of walking up to the public documents window (just dream that such a thing exists..) as saying 'could I please have the FOI request number 1' then saying 'could I please have the FOI request number 2'.... until he had 7000 of them.
The fault in that case, and quite obviously in this, would be in the person (or server) that GAVE HIM THE DOCUMENTS WITHOUT ANY ATTEMPT TO VERIFY THAT HE WAS AUTHORISED TO RECEIVE THEM.
Remember, he didnt falsify ANY information, he didnt impersonate anyone, he didnt do anything else but ask the server if it would kindly send him this document, which it did.
So, your position is that asking for a document is breaking the law? Oh dear.
This is where Canada is going? by SCVonSteroids · 2018-04-16 22:46 · Score: 4, Interesting

As an Atlantic Canadian this makes me unbelievably sad.
They just traumatized a family because the government was incompetent. Is this truly where we're going?
They fucking interrogated his 13 year old sister?! I mean the documentation was fucking public; THIS IS HOW THEY CHOOSE TO HANDLE THEIR INCOMPENTENCY?
PM is outright saying he stole sensitive information; 15 officers raided the house.
Atlantic Canada is a pretty quiet place, and there's already enough sketchiness about how the general population feels about our police force; they're really not helping their case. I swear if they (Gov. & police force, RCMP I presume) don't get any repercussions for this I'll be legitimately scared of continuing to live in this country. This is beyond fucking ridiculous. I mean 10 fucking years in prison??
Yeah; I'm fucking angry, sorry.

--
I tend to rant.
1. Re:This is where Canada is going? by sinij · 2018-04-17 00:59 · Score: 2
  
  This is why Canadians need to have stronger rights against government. Be thankful they didn't attempt to revoke kid's citizenship or detain him indefinitely on terrorism charges. All of this is possible under Canadian law.
2. Re:This is where Canada is going? by drew_kime · 2018-04-17 03:32 · Score: 4, Funny
  
  Yeah; I'm fucking angry, sorry.
  That's the most Canadian thing I've ever read.
  
  --
  Nope, no sig
If you put it on a public web server... by sandbagger · 2018-04-16 22:57 · Score: 2

...expect that people will find it. This is not hacking, this is shoddy practices by the people running the FOI site and they're blaming the public. Of course, it would require a modicum of technical understanding to not blame someone else.

--
---- The above post was generated by the Turing Institute. Maybe.
Information hoarder by xvan · 2018-04-17 01:12 · Score: 2

"He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
I thought that only porn hoarders existed, but this guy was hoarding 4chan's shitposts.
In My Backyard by hipp5 · 2018-04-17 02:01 · Score: 4, Informative

So I live in Nova Scotia; i.e. this is happening in my backyard. This is absolutely about the provincial government trying to cover its a**. The mistake was discovered internally when a government employee did basically the same thing and accidentally put in a wrong URL... and instead of getting a 404 got documents that shouldn't have been public-facing (including docs with personal info, SINs and the like). Rather than owning up to the mistake and dealing with the consequences, the provincial government kept it quiet for 7 weeks, and are now using this kid as a scapegoat ("EVIL HACKERS, CLUTCH YOUR PEARLS!!!!"). It's absolutely disgusting, and I hope the court of public opinion judges them (the gov) harshly.
Public information by ArhcAngel · 2018-04-17 02:03 · Score: 2

Just because there isn't a hyperlink to the page with the document doesn't make the information private. If there wasn't security on the page/s in question they were public information regardless of what the government intended. The boy broke no laws. And no this is not like leaving your door unlocked and someone walking in to your house/car. It's more like I posted all of these documents on a public document pin board in the middle of the square but put a blank page over them so you couldn't read them without lifting the blank page. I would charge whoever designed the site (not the page coder but the person who decided not to invest in any security) with gross negligence.

--
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Freedom-of-information not itself free?.. by mi · 2018-04-17 02:22 · Score: 3, Insightful

downloading approximately 7,000 freedom-of-information releases
I'm confused... Shouldn't the freedom-of-information releases themselves be freely available to the general public?

--
In Soviet Washington the swamp drains you.
Re:Government guilty! No. Kid is insane. by AlanObject · 2018-04-17 02:51 · Score: 2

What I want to know is that did he use a script to (or curl feature) download 7,000 documents or did he just edit the URL 6,999 times?
And where is he storing 30TB of data? Yes that is actually affordable (say 4 drives about $250 each) but who spends that kind of pocket money for something so nearly unusable?
Try doing a grep -r for some string on a mounted USB drive holding 1TB of data and see how long it takes. So what good is that?
Maybe he scrolls through all those documents one by one. For what. Anybody know?
Just what could he use all this crap for. What is wrong with his brain that he wasn't just downloading porn like every other kid?
Archivist by HeckRuler · 2018-04-17 03:24 · Score: 2

"Archivist"? A 19 year old.... archivist? What kind of bullshit made up term is...

The teen is estimated to have around 30 terabytes of online data on his hard drives
...Well alright then. I'm not even mad. Props to the archivist.