You have a choice where to work and what conditions you accept in return for your salary. And this is the government doing it and withholding your education if you refuse.
The education can be delivered off campus if necessary. Many people home school.
Attendance is not the only use for the badges. Some of the other aspects are as follows:
1. Identifying people who should not be on campus. If a person does not have a visible ID then that person should not be on campus. That is where the security comes in.
2. Signing up for extracurricular activities. With the ID it takes much less time to sign up as the school does not have to type in the student's ID.
Signing in at the door then requires someone to enter that data. Now the school has to run two parallel systems and that will cost more money.
It does not matter how big the legal department is if they can not prove anything in court.
Then one is obliged to ask a store clerk if it is ok to go into the room. If someone went in that room and stole merchandise it would still be burglary.
Ask that question of every business that has switched to automated time cards. If manual attendance needed to be taken at the beginning of every class it would take about 5 minutes. That would mean 5 minutes less class time. Over a school year that is 75 hours of wasted time or three weeks of classes. Then the information has to be typed into a computer for each class. That takes time and manpower. The attendance records may not get into the system until hours after the class. One of the aspects of the system is knowing quickly when a student is absent. And then there are errors. Every time data is entered into a system an error can occur. It could be the teacher marking the wrong check box or the data entry operator doing the same thing. I am not saying an error will never occur but it is much less likely.
What process do you think is faster and more accurate?
1. Ask each student if they are there,
2. Mark the correct box on the attendance sheet
3. Send the sheet to the office
4. Data enter the sheet.
or
1. Walk through the door and have a computer record the student's presence
The difference in costs is due to the difference between capital costs and operating costs. In the paper method the capital costs are low, paper is cheap, but the operating costs are high, it takes time for someone to enter all that data. With the badge system the capital costs are high, all the readers and badges, but the operating costs are low, data entry is automatic. In most cases operating costs of a paper system far outweigh the capital costs of a badge system.
Or they could just not send their kid to that school that has the program they object to. They have that right but they do not have the right to force the school to have programs that only conform to their religious beliefs. The reason the program works is that everyone has a visible ID card. Anyone without one should not be there. If too many kids refuse to wear the cards they will have to be checked each time they are seen and then will complain about being harassed.
What's at issue is not wearing ID, but compliance.
Are you saying that someone not wanting to comply with a program is sufficient reason to not have to? I don't want my child to have to wear a uniform therefore she does not have to. I don't want my child to learn math so she does not have to but can still graduate. See the issue?
When compliance means the success or failure of a program that could keep drug dealers out of school and kids in school it overrides religious concerns.
In every request he sent was the ID of a phone that he did not own. He specifically asked for information that he knew he had no right to. Also the URL he hit was not published and he had never used it before. He was not trying to get what he used to get but he was trying to get information that he knew was illegal to have. That he got it through an unlocked door makes no difference.
If you click on the same link over 300,000 times, record the results and publish them then yes you should go to jail. Once, probably not. In every law there is an intent clause. Clicking once could be an accident. Clicking 300,000 times shows intent. By the way, the malformed URL is the issue of the person who wrote the URL and maybe not the issue of the person who clicked on it. In this case the accused created a script to send hundreds of thousands of requests to the server. There was definite intent there.
They completely have the right not to endorse the program; they just do not send their daughter to that school or, if need be, home school. If they want they can protest outside the school to ask others not to do so as well. The family is trying to break a system so that they can force their religious views on others causing them to be less safe while at school.
Neither is every utility worker who comes to your door but they are required to have visible ID.
Businesses that require visible ID at all times tend to be in the sectors that screw up real bad (financial sector).
Every provincial employee in British Columbia is required to display an ID badge while at the office. Most of them have nothing to do with finances.
Plus getting all kids to accept real-time tracking can be a precursor to a full-fledged police state Joseph Stalin would be jealous of.
And it might not be. It might actually be a way of easily identifying the kids who should not be at the school. They are usually the ones causing trouble like selling drugs on campus. Like many "slippery slope" arguments this one ignores the good that can occur today, identifying who are students and cutting costs, due to the bad that may or may not happen in the future. If there is a problem with what is happening today then say it. If you are only concerned with what may happen in the future we will deal with it if it ever is proposed.
I am SO glad metal detectors and chip tracking students are not implemented in my country.
Perhaps you live in a country that does not have as much of a problem with guns and drugs as the US. Different situations require different measures.
Please read all the posts before responding. He did not click on a random link. He crafted a specific URL with possible phone IDs and sent them to the server. He deliberately was looking for the information. Most requests were securely locked down but he found one that was not. It is much closer to going around a building looking for an unlocked door. The difference between trespassing and burglary is that trespassing is mere presence while burglary requires intent to do a criminal act while on the property. In this case the intent was to take data.
It does not matter whether or not the Web addresses were hidden behind password prompts in the same way it does not matter whether or not a door is locked on a building. Entering a building through an unlocked door for the purposes of an illegal act is still burglary.
The "empty lot" analogy does not hold water for the following reasons:
1. The lot was not empty as there was plenty of data there.
2. He did much more than look around as he copied information that he should not have had access to and took that copy off the property.
One could see a similarity between crafting the URL and making a key for a lock. If the URL was not correct he would not get data. If a key is not correct the lock will not open. The fact that there are a large number of keys does not negate the fact that he had to deliberately craft it.
Whether or not a building is locked or a service password protected defines how difficult it is to break in and not what crime is committed.
The difference is that the Nazis only forced the Jews to wear the Star of David so that they could be more easily singled out and oppressed. It is very different when everyone has to have the ID card. If you do not have a visible school ID card then you shouldn't be there. It happens every day in most secure businesses and no one complains. Why should a school be any less secure than your office?
Her refusal is based on an interpretation of the Bible. Is she never going to carry ID? I guess she won't be driving, joining a club, getting a job or leaving the country. All of these require carrying a numbered card which she refuses to do.
The basic privacy is moot because she was offered a card without an RFID chip.
She was offered a badge without an RFID chip in it. She refuses to wear a badge of any sort.
I don't go to conferences for the food either, but you know what, a good diverse menu makes the whole thing better too.
When you are eating that excellent food does it matter if it was made by a straight white male or a lesbian black female? I doubt it very much. That is the point. The product is what is important and not who presents it. Have you ever tried to put on a big conference? Do you have any idea how difficult it is to coordinate speakers? Do you realize how much trouble can be caused by throwing "diversity" in as a selection criterion? It is too easy for the following to occur.
1. Sarah cancels
2. Can't find a female speaker to take her place.
3. Get a male speaker.
4. Cancel another male speaker in a different session and get a female replacement for the sake of diversity.
That second male speaker just got bumped for the sake of diversity alone.
If they are excellent speakers their personality and life experience shines through their presentation.
I do not care one bit about a presenter's "personality and life experience" when dealing with technical issues. As has been said, "Just the facts, ma'am".
This is where the modern age of data does not jibe with the laws dealing with material goods.
You are also confusing the analogy with the real life incident. The analogy refers to "theft" but the charges refer to "unauthorized access" and "illegal possession". Analogies are never perfect. The point is that the hacker was never authorized to access or copy the information.
It was also much different than being on a public web site. The hacker didn't just click on a link and have the data appear. He had to send specific requests containing specific information to get the data that he knew he was not supposed to see. Just because there was a security hole does not make it legal.
Burglary is the illegal entry into a building for the purposes of committing a crime, in this case the illegal copying of data, and need not include circumvention of security. They were not authorized to access the private server therefore the act was illegal. Locks are there to make crime more difficult; not to define what a crime is.
Have you noticed that none of the people suggested live in England? The whole idea that because something looks racist it must be racist. Could it be possible that the organizers know the people that were invited? What about the 5 spots that were open for submissions? Did any of you list submit applications?
Diversity means different viewpoints, different perspectives, different approaches
I would agree if the topic was social and not factual. How to write good software has nothing to do with the gender, sexual preference or ethnicity of the writer. Do African Americans write software differently from Caucasians? Do heterosexuals write programs differently than homosexuals? The answer to both questions is no.
If it comes down to selecting an excellent white male speaker or a mediocre black female speaker I would choose the better speaker regardless of diversity.
Give them time to try fixing it. If they don't fix it and publicize it then go to the press. The right way is to give the company a chance to fix the problem.
It is difficult to bury a data security breach if it is in the courts.
Maybe, maybe not. All web site owners do not react in the same way. Even if they did threaten a lawsuit they would have to prove it was you who told the press. If the site didn't fix the issue and go public with the problem then go to the press. Projecting what might happen and reacting to a possibility is just wrong.
Show me which charge involves disseminating information on a scrounger website? Up to 5 years for trespassing in an open warehouse seems ridiculous (each charge carries up to 5 years)
How about burglary (1-20 years depending on state) and possession of stolen property (up to 10 years in Washington State) would be the similar charge. They could not disseminate the information if they did not have it. They didn't just trespass, they copied the information and took it away. The charge is not about disseminating the information; it has to do with the possession of the information. Had they not stored the addresses the problem would have been a lot less severe.
Even better analogy:
1. Leave confidential material in a folder in an unlocked room. (create a mechanism on the server to access info without proper security)
2. Someone comes along and searches the room (make semi-random requests to the server)
3. Copy the information in the folder (record the server responses)
4. Publish where the room is, where the folder is and the contents of the folder. (put the server name, request format and received data out on the internet)
A true White Hat would have told the company before publishing the breach and they would not have tried hundreds of thousands of requests. Just because there is not a lock on the door does not mean one can rummage through the room, copy the information and publish it.
Would you be saying something different if someone found a warehouse door open and reported it on a scrounger web site before they reported it to the owner of the warehouse? Data has value just like merchandise. The issue is not what they did but the way they did it. A true White Hat hacker would have told the company first and given them a chance to fix it before publicizing it.
How about reporting it to the place that can fix it rather than to the public that can exploit it? Oh yeah, one does not have to do it millions of times to prove there is an issue. The script probably sent millions of requests to get the 110,000 valid responses.