Um, that is the whole point. In case you hadn't noticed, you can buy iPhones directly from Apple, in their stores, or online. That's not the "phone company". The only way Apple gets the additional kickback and fees from AT&T is via activation on AT&T. That is by design, and that's the whole way this thing was intentionally set up. So no, Apple didn't do anything "wrong" assuming that, essentially, all iPhones bought in the US will be activated on AT&T, and they will get the subsequent kickback. And that is still essentially all iPhones even WITH the unlocked ones that will be out there. Also, when you speak of account termination, you misunderstand: you NEVER have to activate an iPhone with AT&T to unlock it and use it on another carrier. That means Apple will NEVER get the expected kickback (AND monthly fees) from AT&T. If you think that means Apple "did something wrong", be my guest. I'd say the model for purchasing the iPhone at what is essentially an unsubsidized price point and expecting that people will activate with AT&T is a more than reasonable assumption, and attempting to prevent unlocking based on this model is a more than reasonable approach to attempting to ensure some modicum of carrier exclusivity.
IMHO, while a) is very lucrative per phone, b) is a LOT more phones.
The problem is, it is, as you say, your opinion. You don't get to decide what's good for Apple. Only Apple can decide what is good for Apple; or, rather, Apple gets to decide what course of action it is going to take, and everyone else can offer their opinions all they wish. And it also ignores any other factors, like contractual arrangements with AT&T to make good faith attempts to stop unlocking mechanisms discovered in a timely fashion, etc., and may jeopardize other aspects of the relationship.
To regurgitate something I said in my first post in this thread on the topic:
You can argue that "it's only good for Apple" if people get to use unlocked iPhones, but that's not your decision to make, unfortunately - it's Apple's. Don't get me wrong: YOU can decide it's good for YOU. But you don't get to decide that it's good for Apple, or anyone else. And with things like seamless activation via iTunes, Visual Voicemail, and all the tight integration that requires enormous amounts of backend cooperation with the carrier partner (think about how iPhone activation works and how it must have been to pull something like that off), is it any surprise Apple wants to keep the iPhone experience with the carrier partner?
[...]
You can make as many philosophical arguments as you want, and frankly what YOU do in YOUR house with YOUR product is YOUR business. But when there are cottage industries that spring up around iPhone unlocking and letting Mac OS X run on non-Apple hardware, Apple will try to prevent that from continuing. And then the hackers will find a way around it again...Apple KNOWS this. That's not, however, the point. There are legal, contractual, economic, and myriad other concerns when it comes to DRM on music, iPhones being tied to a carrier, and so on.
What about new customers? What about the fact that unlocked GSM phones anywhere near the class of the iPhone are ridiculously expensive?
Apple's model is unprecedented, and allows people to get a phone that isn't "subsidized" traditionally (i.e., requiring an existing account or activation right away), buy it as a gift.
So yeah, if all you buy are unlocked GSM handsets, then yeah, swapping your existing SIM works well. But if you're like 99% of normal customers and the demographic of consumers who want things like iPhones and iPods, you won't be buying unlocked GSM handsets.
Funny, and Apple and AT&T are obviously assuming most people will buy a new phone when the new contract time rolls around, but Apple will replace the battery for $79 (or do it yourself via a third party). And no, you don't have to be without your phone...you can get a loaner iPhone in the meantime that will have your phone number and all of your contacts and data after one sync with iTunes, and will look, act, and behave exactly like your own phone. (And no, Apple won't look at your phone for illegal content or hacks, and even if you are concerned about it, you can simply and easily completely erase the iPhone in seconds before it's sent in.)
AT&T will unlock phones for customers once they have fulfilled their contracts, which typically run one to two years. One big exception: Apple's iPhone, distributed exclusively in the USA by AT&T. "That's different," says AT&T spokesman Mark Siegel.
Updating baseband radio firmware that is expected to be in a predictable state, which ends up unintentionally breaking because it has been hacked in a completely unsupported and unpredictable way by the customer?
No, I think not. But they can certainly try.
I think you expect Apple to maliciously brick or re-lock unlocked phones. That may be the end result, but it will likely be for technical or other unforeseen reasons, not intentional.
(That said, I think Apple will take the pragmatic path and try to not upset the apple cart, so to speak, of already-unlocked iPhones, and will simply close the holes that allow unlocking to happen in future firmware versions.)
You're right, of course...but the problem with the iPhone is that it's *easy* to update the firmware, and people will want to do so, because it will fix bugs and add new features, sometimes significant (like the iTunes WiFi Music Store, new apps, etc.) And these firmware updates, especially those that update the radio firmware, could at best re-lock or at worst break the phone, even if Apple doesn't intend that to be the case. And as Apple fixes issues in the software itself which were first used to enable unlocking, it may be a long search for the next vulnerability to enable unlocking the iPhone - the first one took months, and while we have a baseline level of knowledge, it might not suddenly mean that it's going to be easy or quick the next time around. So while you're right that unlocked iPhones will absolutely stay unlocked if left at the same firmware, the iPhone is a unique device in that such updates are easy and many people will WANT to do just that.
While it says, "Apple is getting an unprecedented windfall on the sale of each new iPhone", the implicit assumption using any level of logic is that AT&T pays Apple based on activations, not on Apple simply giving them a report of the number of iPhones sold and AT&T anteing up without question. Further proof that it is based on activated phones on AT&T, and not just sold phones, and that there is an infrastructure to track and support this, is the fact that Apple is also getting a kickback on monthly service fees, to the tune of a rumored 3%/month for existing customers and a whopping 10%/month for new customers.
Even IF AT&T were just paying Apple for iPhones sold and not activated (which they're not, and which would be utterly stupid), Apple would still lose the monthly fee kickback, and AT&T would likely get very irritated at paying Apple for iPhones not activated on AT&T.
Your statement about AT&T not suffering in that scenario is remarkable, because they absolutely do not get the service fee if the phone is unlocked and not used on AT&T's network. Now if you're talking about people who ARE AT&T iPhone customers that simply choose to unlock their iPhone, I'd agree with you - to a point. But I'm talking about iPhones unlocked and never activated or used on AT&T, which is going to be an increasing number of iPhones. That's a much bigger market than you think it is.
I am reminded of the story about "iPhones kill WLANs" some time ago, featuring Cisco & Apple gear, which ultimately turned out to be more along the lines of "Interference From Devices On Unregulated Bands Interferes!" But you know, tht's not qute as sexy, is it?
That was an interesting story. Actually, the headline would have been "Bug In Cisco's Own Wireless Hardware Brings Down Same". It turned out that it wasn't an iPhone issue at all, and was a bug in Cisco's code. Unfortunately, the story had already made it out to everyone, including AP again which equates to hundreds of hundreds of local news outlets, that iPhones "brought down" a major university's network. When it was discovered that it was really exclusively Cisco's fault and had nothing to do with the iPhone (except perhaps for the iPhone exposing the problem in a way), were there any retractions or corrections? Outside of the very narrow IT and networking press, nope, not at all.
Really? Given that the price of the iphone is in line with the non-subsidized prices of most other GSM phones of similar complexity, it seems like Apple is doing something wrong if what you say is true.
Yes, "really". Whether Apple is losing money or making $150 on each handset sold pre-activation, the price is still inherently structured to depend on AT&T kickbacks. If they weren't getting $150-$200 and 3%/month for existing customers and 10%/month for new customers on each iPhone activation from AT&T, do you think they wouldn't miss that money? The price is ABSOLUTELY structured depending on that money from AT how could it not be?
And how is Apple "doing something wrong"? You don't think it's okay to build a profit structure into a product? And you likely underestimate the amount of R&D in terms of both sheer money and manpower that went into the iPhone. If you think the iPhone is really fundamentally basically the same thing as numerous other smartphone-type devices, we'd probably disagree on that.
While I agree with you that it doesn't have "terms" in a traditional sense, it most certainly does have "terms" in a manner of speaking; namely, that it is understood to be locked to AT&T in the US. And if you figure out how to unlock it, great. But Apple is under no obligation to keep a particular set of conditions that enable unlocking in future firmware iterations, nor is it guaranteed that an unlocked phone will remain unlocked if, for example, the radio firmware gets updated by Apple and you choose to apply said firmware update. So while you can do with it what you will (within the law, which unlocking the handset as an end customer is), you must also understand the potential for hassles. I'd guess that most anyone hacking iPhones and unlocking them understands this.
Sure, if the information and/or tools are out of reach of any US jurisdiction, e.g. overseas, absolutely people can download the tools or follow the instructions to unlock the handset. But your post made it sound like Apple MUST allow unlocking and/or not try to stop it, and they don't have to do anything of the sort.
The handset manufacturer is under no obligation to keep the same set of conditions whereby a particular tool or set of instructions works to unlock the phone. It can be argued that they also should not re-lock handsets if already unlocked. However, future firmware upgrades may possibly also break, overwrite, or otherwise undo things on handsets which are in an unexpected state (e.g., unlocked).
That said, I have no doubt people will continue to figure out how to unlock the iPhone under successive hardware/software iterations, and if there is a hobbyist/experimenter clientele out there who wants to deal with the continuing potential hassles, then more power to them. And yes, it is most certainly not illegal to unlock your GSM handset yourself (at least under the current DMCA exemption in the US) using whatever tools or instructions that may be available. But if someone offers that as a service, or makes tools available, etc., and are within reach of US jurisdiction, those kinds of operations may be shut down.
If the customer can figure out how to unlock it, great.
But the vendor is under no obligation to document it or otherwise allow it. It's just that if you figure out how to unlock your handset, it is exempted from DMCA provisions. In no way does this mean that being able to unlock is somehow mandatory or required. Just that it's legal, and only if you can figure it out. Other business profiting from it, services that unlock for you for money, and even free applications that unlock all have questionable legal status.
Yes, it is. (And apparently you didn't read any of the linked articles, because there are a lot more issues here.)
But it the manufacturer doesn't have to allow or enable it. If you can figure it out, great. But if they also stop that same unlocking procedure in future software or hardware iterations of the phone, they can.
And I really don't think Apple will be "relocking" phones...they'll likely just be plugging the holes that allowed them to be unlocked in the first place in future firmware versions. That said, I guess I wouldn't be stunned if some unlocked phones broke, intentionally or otherwise. But all of this has NO BEARING on the DMCA exception. The vendor is under zero obligation to enable unlocking.
So it's not "too bad for Jobs" at all, unfortunately.
For the record, I will be surprised if Apple actively tries to re-lock already-unlocked phones, but I would not be surprised if they try to prevent unlocking in future firmware updates, considering the current unlock mechanism uses an overflow condition that will likely be, well, fixed in future updates (should Apple not fix a potentially exploitable buffer overflow on the iPhone?). Then, someone will find some other exploitable condition to unlock the iPhone, and the game continues.
Every GSM handset under the sun has been unlocked. The main difference with iPhone is that people are more likely to do regular full firmware updates with the iPhone due to the kind of product it is and the ease of doing so via iTunes, as opposed to other GSM handsets. But I can't see Apple relocking already-unlocked phones.
That said, while an explicit exemption exists that allows end customers to legally unlock GSM handsets in the US, no such requirement exists for a vendor to allow it, document it, or provide such a capability to the customer (see also "DMCA Exemption Attorney Weighs in on iPhone Unlocking".
Further, requirements in various jurisdictions that the carrier provide a means to unlock the handset after the contract term, i.e., after the subsidy is paid, MAY NOT at all apply to the iPhone, since the iPhone is technically unsubsidized. Apple appears to be negotiating backchannel subsidies and unprecedented monthly kickbacks from carriers...but the iPhone itself still isn't subsidized under the traditional subsidy model: you can buy an iPhone, walk out, and NEVER activate it, and the phone is yours to keep. However, this may also mean that no carrier is ever obligated to unlock it for you.
Also, Apple is depending on the expected profits from AT&T kickbacks for AT&T activations...that's how the iPhone price is structured. Now, if you can figure out how to unlock your phone and use it on another carrier, great. But also don't cry if Apple throws roadblocks in the way. You can argue that "it's only good for Apple" if people get to use unlocked iPhones, but that's not your decision to make, unfortunately - it's Apple's. Don't get me wrong: YOU can decide it's good for YOU. But you don't get to decide that it's good for Apple, or anyone else. And with things like seamless activation via iTunes, Visual Voicemail, and all the tight integration that requires enormous amounts of backend cooperation with the carrier partner (think about how iPhone activation works and how it must have been to pull something like that off), is it any surprise Apple wants to keep the iPhone experience with the carrier partner?
And think of all the other ways iPhone is unique: you get to walk out of the store with it sealed in a box, it can be easily bought as a gift, the customer does activation themselves in the comfort of their own homes with a pleasant interface, and so on.
So if people can figure out how to unlock the phone, great. But don't expect Apple to not fix actual bugs like buffer overflows in the phone that are coincidentally used to enable unlocking, and don't assume that ANYONE will ever be "required" to unlock iPhones, unless it is simply flat out illegal to have a SIMlocked phone in a particular jurisdiction, in which case Apple would probably elect to skip that market entirely.
This is a lot like the Mac OS X on non-Apple hardware arguments. People always say it's "better for Apple" or "free advertising for Apple". No. Pirating the OS is not good for Apple. And even if you say "but I'd buy it for $129!" that also doesn't solve it...the $129 price is predicated on the fact that there is Apple hardware that goes along with it. So then you say, "Well, I'd even pay $250 or more! Would that fix it?" No, because part of the Apple experience is the seamless integration and things "just workin
Yes...this Apple WiFi hack IS Apple specific, because, well, it has to be.
But the vulnerability they discovered was a general one, and they explicitly stated that it could be applied to affected WiFi drivers and chipsets under other OSes, including Windows and Linux. Their discovery resulted in patches for this flaw in various WiFi drivers on various OSes. They picked Apple to make the point that "Macs can also be vulnerable" to such things.
So while the Apple exploit is specific to Apple, it is an application of the more general important vulnerability they discovered, at least as far as they claimed both in the presentation and in the subsequent interviews with Brian Krebs of the Washington Post.
Apple denied the problem existed, and threatened them - that's why this made the news. Compare this with the well-known similar flaw in some broadcom wireless chipsets (used by many vendors, including Dell & Linksys) that came out last fall. A fix came out, and the problem was solved.
Apple denied the problem existed because - and I'm not saying this can be proven, but it's what was said at the time - Maynor couldn't show Apple engineers who were at the conference how the exploit worked with the MacBook's integrated wireless; certainly not in any practical way. The fix Apple ended up deploying was essentially, from what I can tell, by applying Maynor's theoretical claims about the vulnerability and then independently discovering the vulnerability in their own code. Some might say that is enough. I'd argue that when you are a security researcher working under the guise of responsible disclosure for a reputable enterprise security research firm and telling the Washington Post directly and explicitly that the MacBook was vulnerable as-is with the stock integrated wireless, today, you have an OBLIGATION to give the vendor the information to solve the problem.
I take very serious exception to the "threat" issue. It was insinuated and implied that Apple "threatened" them. There is NO PROOF that ever occurred, and, on top of that, threatened them how? Legally? Physically? I mean, come on. An Apple engineer saying, "Uh, I don't think you should frame your demo this way...it could be bad news," if something like that occurred, isn't a "threat". And if Apple substantively threatened them in any other way, there will be proof...a letter, an email, a voicemail, anything. If someone is going to claim that Apple threatened them in any meaningful way "off the record", I'm sorry, but that's bullshit.
How Apple handled the problem is the issue. Similar to Oracle claiming that their database is "unbreakable". Oracle is a solid product, but certainly not unreakable.
No, nothing is unbreakable and Macs are vulnerable just like anything else.
I'm not apologizing for the behavior of the Mac fanboys afterward, and I already said that in one of my other posts.
But the very initial coverage stated that other WiFi drivers for similar chipsets on other platforms were already proven vulnerable. This wasn't some pie-in-the-sky theoretical claim; it was specifically stated that drivers Linux and Windows WERE vulnerable to the SAME exploit mechanism, and that the MacBook was chosen to just show that "Macs can be vulnerable too".
FUDing the story they way they did was wrong, but the damage was already done. If this were on Windows or Linux, this NEVER would have gotten picked up in the mainstream press. I say "mainstream" because that is an important distinction. The story was covered with none of the technical nuance or accuracy required, and left MILLIONS more people with the impression, even if only in passing, that "MacBooks" could be owned wirelessly in 30 seconds. Not any laptop. Not Windows. Not Linux. Just MacBooks.
If you can tell me how that's fair to Apple or how that helps Apple users, I'd appreciate it.
Also, I will say that the FUD reaction from the fanboy crowd did NOT help Apple users, and in fact did lasting damage to the Mac security situation. But if you can explain to me how the coverage, or saying that smug Mac users need lit cigarettes jammed in their eyes, or making it appear that the vulnerability ONLY affected MacBooks, or hiding the third party wireless card they used in the initial demo because of "responsible disclosure", but then immediately turning around and saying the integrated wireless in a MacBook was identically vulnerable - if you can explain to me how any of those "helped" the Mac community, I'd appreciate it.
That was AFTER it had already been picked up by the press, including mainstream non-IT press, under sensationalist headlines, and with no mention in the article that anything BUT Apple's new flagship portable was affected.
This was in the first two days before there was any rabid or insane reaction that anyone in any of these news outlets knew about (except for maybe Krebs at the Washington Post, who seemed determined to give this story legs at any cost).
The story ran under headlines like "New Mac laptops vulnerable" and "MacBook hacked in 30 seconds - wirelessly". The story ran not only in the traditional IT rags, which sometimes had the journalistic accuracy to also say the vulnerability could affect other hardware platforms and OSes just the same, but in national mainstream press outlets, including AP, which gets picked up by hundreds and hundreds of local news papers and other local media, and gets seen by millions more people than will ever see anything in Network World or The Register.
All at a time when more people than ever were considering a move to Mac OS X after the switch to Intel. Their only takeaway as they scanned the morning paper or caught a segment on the local morning news? That the "MacBook" can be "taken over" in "30 seconds", wirelessly, and all without you knowing. Hmm, might as well stay with Windows after all.
So yeah...as I already noted in another post, the reaction from the Mac crowd was even worse, FUDing the story into oblivion. However, the initial coverage wasn't because of that. At all. In any way, shape or form. It was because a security vulnerability affecting Macs is interpreted by many to be BIG NEWS, whether they're the kind of journalist (as a few in the IT press are) who want to trumpet negative Apple stories, or just simply some guy at AP who sees it as a unique story. NONE of the original coverage, which was the only substantive coverage and what had already caused the damage, was because of the Mac fanboy reaction. Rather, it was the opposite.
This affected more than the just the chipsets and drivers in use in Apple laptops. It could be used in the same fashion on any affected chipset, potentially under various drivers on multiple OSes. The MacBook was just chosen as a point of principle to show that Macs, too, can be vulnerable to such attacks. This was noted in the initial coverage in the IT press at the time, but was quickly ignored in favor of a neverending flow of sensationalist articles claiming that any attacker could now easily take over MacBooks - and only MacBooks - at will in less than 30 seconds, and wirelessly to boot.
Unfortunately, the opposing storm of FUD was just as bad, making it appear that the whole wireless vulnerability was a hoax, when in reality it was probably one of the more important general WiFi/driver vulnerabilities in recent memory. The choice of how to disclose was extremely poorly managed, and to make statements to the effect that you essentially wanted to stick it to Mac users when working under the guise of a supposedly professional and reputable security firm was what caused the problems. He embarrassed the hell out of SecureWorks by ending up with a firestorm of press that was massively bad PR for Apple.
So what, you say? It was bad press for Apple, and ONLY Apple. No other vendor of manufacturer got nailed by this in any substantive way. With Apple having such low marketshare, how is it fair for only Apple to be targeted in press articles about this? Not Maynor's fault? No, not exactly, but some of his initial choices for handling are absolutely what led to the situation. I'm sure he had little idea this would occur and just got caught up in the world between security research and disclosure on one side, and corporations and mainstream media on the other.
Yes, it affected Apple, too, but It was a general "hack" that affected WiFi chipsets on other platforms, including non-Apple hardware, Windows, and Linux!
That's the whole point of why people took issue with this, and it's still being perpetuated here!
The way it was presented, even if Maynor didn't intend it as such, especially in all of the press coverage - first IT press, then mainstream, CNN, hundreds of local papers via AP, you name it - was that it was an "Apple" WiFi hack only, and that anyone could easily and quickly completely take over your MacBook remotely.
The stories just got repeated and regurgitated over and over, even though it was a flaw that affected a lot more than Apple; indeed, the most interesting thing about the vulnerability was its universal nature and applications!
Also, in the initial reports, Maynor and Ellch hid the brand and vendor of external wireless adapter they used for the demo because of, according to them, "responsible disclosure", but then had no problems saying the exploit worked identically on a stock MacBook. So if it was important to hide the brand of the wireless adapter they used for the demo, why was it not equally important to hide the fact that the chipset in a MacBook was vulnerable? How is it fair for this to appear as an exploit affecting only Apple, appearing under headlines like "MacBook hacked in 30 seconds - remotely via wireless!"
Given that Mac users apparently needed to have "lit cigarettes stuck in their eyes" - and whether that was a joke or not, I don't see how that's professional coming from someone who is a "security researcher" presenting findings under the guise of what purports to be a professional security outfit - it appeared that the choice to use a MacBook for the demo and the ensuing firestorm of publicity was done exactly for that reason.
Would this have been news if they had used a Dell or Lenovo laptop running Windows or Linux, even if they also still said that this affected multiple platforms, including Mac OS X?
Thanks for the followup. From the information posted and linked in the slashdot summary, it wasn't clear exactly how the paystub images were obtained, or the format they were in.
You are correct that Wisconsin is not like California; I wasn't implying it was similar in every legal respect. However, the information in my example is also completely public...but it's no longer publicly accessible on-demand on the internet, and there is no legal compulsion requiring the government - whether it is the state of Wisconsin or a municipality in California, under their respective laws - to provide it via the internet or in any particular fashion.
Note also that I didn't say that the images of the paystubs *certainly* weren't public, just that while (some of) the information *on* the paystubs may be public, it doesn't necessarily follow that images of the paystubs themselves are public. That aside, any copyright argument is indeed puzzling. My only point was that there was likely more to the story, and the city seemingly didn't intend for this document to be publicly accessible, without regard to the fact that any or all of the information *on* them is public; further, it sounds like at least some of the information isn't technically public, whether you obscured it or it wasn't legible. Even if it is due exclusively to their bumbling incompetence, if the document wasn't intended to be public, I believe the city has some standing to ask for the removal of content of the document, even if the lion's share of it is public information. Further, as I'm sure you're aware - and aside from what the city believes about minutia other than compensation on the pay stubs - any member of the public can still obtain compensation information on city officials if desired.
That was my only point: that it doesn't have to happen via the internet. Also, what would happen if you provided all of the information that is most certain to be public information from the pay stubs, but not the images of the pay stubs themselves? Is it your feeling that there would be a problem? If not, I don't see what the issue is, here.
..."public information" != "information that must necessarily be accessible instantly, on-demand, via collection or aggregation by a third party" (regardless of how or from whom they were obtained, and it's also not clear whether images of the actual pay stubs themselves are completely "public information", even if they were accessible for a time)
(And love how the article is tagged "censorship"...)
Also, there is a lot of "public information" that isn't online and instantly searchable and accessible en masse. There are other issues here, which I'd hope someone who stops to think about it for a few moments can imagine.
And the bottom line is that anyone can still determine the compensation of a public employee if they wish to do so.
For example, the University of Wisconsin System made its budget summaries, including compensation - known as the Redbook available on the internet. However, now the personnel salaries are only accessible via computers with UW System IP addresses. Else,
Print copies of the Redbooks are located in the main library at all UW System institutions and the central public libraries in Madison and Milwaukee.
Salary information can be obtained by contacting the Human Resources department of any UW System institution. A CD of the Redbooks from fiscal years 2000-01 to 2006-07 can be purchased for $10.00. To file a written request for salary information or to purchase a CD, contact: [...]
Why? Because it was being abused. So now it's not universally available and publicly searchable on the internet. That doesn't mean the information still isn't "public". And before you say that the government's job should be to use technology to make access to such information easier, e.g., via putting on the internet, ask yourself if you'd want all information about you that is technically "public information" aggregated and made quickly and easily searchable by anyone on the internet on a whim, or if you'd rather that people have to actually have a legitimate need for specific pieces of information, and be willing to go through the processes to get it?
Would you want anyone to see images of your entire pay stubs, even if you work for a public agency and your compensation is "public"?
When things like the Redbook and Wisconsin Circuit Court Access became more restrictive, most of the complaints I heard over time were from people who could no longer do the essential equivalent of casual stalking of individuals' salaries and civil, criminal, and traffic court records. Persons who still have a legitimate need for it can still easily get access to the information, and any member of the public can easily obtain any information they might need.
Further, this case seems a little odd...if all of the pay stubs were available on the city's web site, why did they have to aggregate them all? They were already publicly available, right? Obviously the city didn't intend for them to be displayed or obtained the way they were, and regardless of how much "their fault" it was, how incompetent they were at running their web site, or whether it was a data leak, even if it it is "public information" doesn't mean it needs to be, or should be, aggregated en masse on a third party internet site.
Also, while the individuals' compensation may be public, actual images of pay stubs may not be at all (and probably isn't). Again, even if the city had this out in the open through their error, that still doesn't mean it should be fair game for everyone until the end of time, regardless of whether some of the content of the image is "public information". A mistake is a mistake. The city isn't filing charges against someone for "hacking"; they're asking that images of pay stubs of city employees be removed from the internet. The public can still discover the compensation of the employees if they wish,
Slashdot Mirror
Um, that is the whole point. In case you hadn't noticed, you can buy iPhones directly from Apple, in their stores, or online. That's not the "phone company". The only way Apple gets the additional kickback and fees from AT&T is via activation on AT&T. That is by design, and that's the whole way this thing was intentionally set up. So no, Apple didn't do anything "wrong" assuming that, essentially, all iPhones bought in the US will be activated on AT&T, and they will get the subsequent kickback. And that is still essentially all iPhones even WITH the unlocked ones that will be out there. Also, when you speak of account termination, you misunderstand: you NEVER have to activate an iPhone with AT&T to unlock it and use it on another carrier. That means Apple will NEVER get the expected kickback (AND monthly fees) from AT&T. If you think that means Apple "did something wrong", be my guest. I'd say the model for purchasing the iPhone at what is essentially an unsubsidized price point and expecting that people will activate with AT&T is a more than reasonable assumption, and attempting to prevent unlocking based on this model is a more than reasonable approach to attempting to ensure some modicum of carrier exclusivity.
IMHO, while a) is very lucrative per phone, b) is a LOT more phones.
The problem is, it is, as you say, your opinion. You don't get to decide what's good for Apple. Only Apple can decide what is good for Apple; or, rather, Apple gets to decide what course of action it is going to take, and everyone else can offer their opinions all they wish. And it also ignores any other factors, like contractual arrangements with AT&T to make good faith attempts to stop unlocking mechanisms discovered in a timely fashion, etc., and may jeopardize other aspects of the relationship.
To regurgitate something I said in my first post in this thread on the topic:
You can argue that "it's only good for Apple" if people get to use unlocked iPhones, but that's not your decision to make, unfortunately - it's Apple's. Don't get me wrong: YOU can decide it's good for YOU. But you don't get to decide that it's good for Apple, or anyone else. And with things like seamless activation via iTunes, Visual Voicemail, and all the tight integration that requires enormous amounts of backend cooperation with the carrier partner (think about how iPhone activation works and how it must have been to pull something like that off), is it any surprise Apple wants to keep the iPhone experience with the carrier partner?
[...]
You can make as many philosophical arguments as you want, and frankly what YOU do in YOUR house with YOUR product is YOUR business. But when there are cottage industries that spring up around iPhone unlocking and letting Mac OS X run on non-Apple hardware, Apple will try to prevent that from continuing. And then the hackers will find a way around it again...Apple KNOWS this. That's not, however, the point. There are legal, contractual, economic, and myriad other concerns when it comes to DRM on music, iPhones being tied to a carrier, and so on.
What about new customers? What about the fact that unlocked GSM phones anywhere near the class of the iPhone are ridiculously expensive?
Apple's model is unprecedented, and allows people to get a phone that isn't "subsidized" traditionally (i.e., requiring an existing account or activation right away), buy it as a gift.
So yeah, if all you buy are unlocked GSM handsets, then yeah, swapping your existing SIM works well. But if you're like 99% of normal customers and the demographic of consumers who want things like iPhones and iPods, you won't be buying unlocked GSM handsets.
Funny, and Apple and AT&T are obviously assuming most people will buy a new phone when the new contract time rolls around, but Apple will replace the battery for $79 (or do it yourself via a third party). And no, you don't have to be without your phone...you can get a loaner iPhone in the meantime that will have your phone number and all of your contacts and data after one sync with iTunes, and will look, act, and behave exactly like your own phone. (And no, Apple won't look at your phone for illegal content or hacks, and even if you are concerned about it, you can simply and easily completely erase the iPhone in seconds before it's sent in.)
From the sidebar of the very article you link:
AT&T will unlock phones for customers once they have fulfilled their contracts, which typically run one to two years. One big exception: Apple's iPhone, distributed exclusively in the USA by AT&T. "That's different," says AT&T spokesman Mark Siegel.
For how the iPhone is "different", see here.
A class action lawsuit for what?
Updating baseband radio firmware that is expected to be in a predictable state, which ends up unintentionally breaking because it has been hacked in a completely unsupported and unpredictable way by the customer?
No, I think not. But they can certainly try.
I think you expect Apple to maliciously brick or re-lock unlocked phones. That may be the end result, but it will likely be for technical or other unforeseen reasons, not intentional.
(That said, I think Apple will take the pragmatic path and try to not upset the apple cart, so to speak, of already-unlocked iPhones, and will simply close the holes that allow unlocking to happen in future firmware versions.)
You're right, of course...but the problem with the iPhone is that it's *easy* to update the firmware, and people will want to do so, because it will fix bugs and add new features, sometimes significant (like the iTunes WiFi Music Store, new apps, etc.) And these firmware updates, especially those that update the radio firmware, could at best re-lock or at worst break the phone, even if Apple doesn't intend that to be the case. And as Apple fixes issues in the software itself which were first used to enable unlocking, it may be a long search for the next vulnerability to enable unlocking the iPhone - the first one took months, and while we have a baseline level of knowledge, it might not suddenly mean that it's going to be easy or quick the next time around. So while you're right that unlocked iPhones will absolutely stay unlocked if left at the same firmware, the iPhone is a unique device in that such updates are easy and many people will WANT to do just that.
While it says, "Apple is getting an unprecedented windfall on the sale of each new iPhone", the implicit assumption using any level of logic is that AT&T pays Apple based on activations, not on Apple simply giving them a report of the number of iPhones sold and AT&T anteing up without question. Further proof that it is based on activated phones on AT&T, and not just sold phones, and that there is an infrastructure to track and support this, is the fact that Apple is also getting a kickback on monthly service fees, to the tune of a rumored 3%/month for existing customers and a whopping 10%/month for new customers.
Even IF AT&T were just paying Apple for iPhones sold and not activated (which they're not, and which would be utterly stupid), Apple would still lose the monthly fee kickback, and AT&T would likely get very irritated at paying Apple for iPhones not activated on AT&T.
Your statement about AT&T not suffering in that scenario is remarkable, because they absolutely do not get the service fee if the phone is unlocked and not used on AT&T's network. Now if you're talking about people who ARE AT&T iPhone customers that simply choose to unlock their iPhone, I'd agree with you - to a point. But I'm talking about iPhones unlocked and never activated or used on AT&T, which is going to be an increasing number of iPhones. That's a much bigger market than you think it is.
I am reminded of the story about "iPhones kill WLANs" some time ago, featuring Cisco & Apple gear, which ultimately turned out to be more along the lines of "Interference From Devices On Unregulated Bands Interferes!" But you know, tht's not qute as sexy, is it?
That was an interesting story. Actually, the headline would have been "Bug In Cisco's Own Wireless Hardware Brings Down Same". It turned out that it wasn't an iPhone issue at all, and was a bug in Cisco's code. Unfortunately, the story had already made it out to everyone, including AP again which equates to hundreds of hundreds of local news outlets, that iPhones "brought down" a major university's network. When it was discovered that it was really exclusively Cisco's fault and had nothing to do with the iPhone (except perhaps for the iPhone exposing the problem in a way), were there any retractions or corrections? Outside of the very narrow IT and networking press, nope, not at all.
Really? Given that the price of the iphone is in line with the non-subsidized prices of most other GSM phones of similar complexity, it seems like Apple is doing something wrong if what you say is true.
Yes, "really". Whether Apple is losing money or making $150 on each handset sold pre-activation, the price is still inherently structured to depend on AT&T kickbacks. If they weren't getting $150-$200 and 3%/month for existing customers and 10%/month for new customers on each iPhone activation from AT&T, do you think they wouldn't miss that money? The price is ABSOLUTELY structured depending on that money from AT how could it not be?
And how is Apple "doing something wrong"? You don't think it's okay to build a profit structure into a product? And you likely underestimate the amount of R&D in terms of both sheer money and manpower that went into the iPhone. If you think the iPhone is really fundamentally basically the same thing as numerous other smartphone-type devices, we'd probably disagree on that.
While I agree with you that it doesn't have "terms" in a traditional sense, it most certainly does have "terms" in a manner of speaking; namely, that it is understood to be locked to AT&T in the US. And if you figure out how to unlock it, great. But Apple is under no obligation to keep a particular set of conditions that enable unlocking in future firmware iterations, nor is it guaranteed that an unlocked phone will remain unlocked if, for example, the radio firmware gets updated by Apple and you choose to apply said firmware update. So while you can do with it what you will (within the law, which unlocking the handset as an end customer is), you must also understand the potential for hassles. I'd guess that most anyone hacking iPhones and unlocking them understands this.
Sure, if the information and/or tools are out of reach of any US jurisdiction, e.g. overseas, absolutely people can download the tools or follow the instructions to unlock the handset. But your post made it sound like Apple MUST allow unlocking and/or not try to stop it, and they don't have to do anything of the sort.
The handset manufacturer is under no obligation to keep the same set of conditions whereby a particular tool or set of instructions works to unlock the phone. It can be argued that they also should not re-lock handsets if already unlocked. However, future firmware upgrades may possibly also break, overwrite, or otherwise undo things on handsets which are in an unexpected state (e.g., unlocked).
That said, I have no doubt people will continue to figure out how to unlock the iPhone under successive hardware/software iterations, and if there is a hobbyist/experimenter clientele out there who wants to deal with the continuing potential hassles, then more power to them. And yes, it is most certainly not illegal to unlock your GSM handset yourself (at least under the current DMCA exemption in the US) using whatever tools or instructions that may be available. But if someone offers that as a service, or makes tools available, etc., and are within reach of US jurisdiction, those kinds of operations may be shut down.
Does Apple truly have much to lose from iPhone hackery?
Yes.
To say nothing of other intangibles like wanting to guarantee a seamless user experience with iTunes, activation, the carrier partner, etc.
Doesn't matter.
:-/
If the customer can figure out how to unlock it, great.
But the vendor is under no obligation to document it or otherwise allow it. It's just that if you figure out how to unlock your handset, it is exempted from DMCA provisions. In no way does this mean that being able to unlock is somehow mandatory or required. Just that it's legal, and only if you can figure it out. Other business profiting from it, services that unlock for you for money, and even free applications that unlock all have questionable legal status.
Here's the word from the attorney who architected the DMCA exemption.
I can't believe how much garbage information is in the comments for this article already...
Yes, it is. (And apparently you didn't read any of the linked articles, because there are a lot more issues here.)
But it the manufacturer doesn't have to allow or enable it. If you can figure it out, great. But if they also stop that same unlocking procedure in future software or hardware iterations of the phone, they can.
And I really don't think Apple will be "relocking" phones...they'll likely just be plugging the holes that allowed them to be unlocked in the first place in future firmware versions. That said, I guess I wouldn't be stunned if some unlocked phones broke, intentionally or otherwise. But all of this has NO BEARING on the DMCA exception. The vendor is under zero obligation to enable unlocking.
So it's not "too bad for Jobs" at all, unfortunately.
For the record, I will be surprised if Apple actively tries to re-lock already-unlocked phones, but I would not be surprised if they try to prevent unlocking in future firmware updates, considering the current unlock mechanism uses an overflow condition that will likely be, well, fixed in future updates (should Apple not fix a potentially exploitable buffer overflow on the iPhone?). Then, someone will find some other exploitable condition to unlock the iPhone, and the game continues.
Every GSM handset under the sun has been unlocked. The main difference with iPhone is that people are more likely to do regular full firmware updates with the iPhone due to the kind of product it is and the ease of doing so via iTunes, as opposed to other GSM handsets. But I can't see Apple relocking already-unlocked phones.
That said, while an explicit exemption exists that allows end customers to legally unlock GSM handsets in the US, no such requirement exists for a vendor to allow it, document it, or provide such a capability to the customer (see also "DMCA Exemption Attorney Weighs in on iPhone Unlocking".
Further, requirements in various jurisdictions that the carrier provide a means to unlock the handset after the contract term, i.e., after the subsidy is paid, MAY NOT at all apply to the iPhone, since the iPhone is technically unsubsidized. Apple appears to be negotiating backchannel subsidies and unprecedented monthly kickbacks from carriers...but the iPhone itself still isn't subsidized under the traditional subsidy model: you can buy an iPhone, walk out, and NEVER activate it, and the phone is yours to keep. However, this may also mean that no carrier is ever obligated to unlock it for you.
Also, Apple is depending on the expected profits from AT&T kickbacks for AT&T activations...that's how the iPhone price is structured. Now, if you can figure out how to unlock your phone and use it on another carrier, great. But also don't cry if Apple throws roadblocks in the way. You can argue that "it's only good for Apple" if people get to use unlocked iPhones, but that's not your decision to make, unfortunately - it's Apple's. Don't get me wrong: YOU can decide it's good for YOU. But you don't get to decide that it's good for Apple, or anyone else. And with things like seamless activation via iTunes, Visual Voicemail, and all the tight integration that requires enormous amounts of backend cooperation with the carrier partner (think about how iPhone activation works and how it must have been to pull something like that off), is it any surprise Apple wants to keep the iPhone experience with the carrier partner?
And think of all the other ways iPhone is unique: you get to walk out of the store with it sealed in a box, it can be easily bought as a gift, the customer does activation themselves in the comfort of their own homes with a pleasant interface, and so on.
So if people can figure out how to unlock the phone, great. But don't expect Apple to not fix actual bugs like buffer overflows in the phone that are coincidentally used to enable unlocking, and don't assume that ANYONE will ever be "required" to unlock iPhones, unless it is simply flat out illegal to have a SIMlocked phone in a particular jurisdiction, in which case Apple would probably elect to skip that market entirely.
This is a lot like the Mac OS X on non-Apple hardware arguments. People always say it's "better for Apple" or "free advertising for Apple". No. Pirating the OS is not good for Apple. And even if you say "but I'd buy it for $129!" that also doesn't solve it...the $129 price is predicated on the fact that there is Apple hardware that goes along with it. So then you say, "Well, I'd even pay $250 or more! Would that fix it?" No, because part of the Apple experience is the seamless integration and things "just workin
Yes...this Apple WiFi hack IS Apple specific, because, well, it has to be.
But the vulnerability they discovered was a general one, and they explicitly stated that it could be applied to affected WiFi drivers and chipsets under other OSes, including Windows and Linux. Their discovery resulted in patches for this flaw in various WiFi drivers on various OSes. They picked Apple to make the point that "Macs can also be vulnerable" to such things.
So while the Apple exploit is specific to Apple, it is an application of the more general important vulnerability they discovered, at least as far as they claimed both in the presentation and in the subsequent interviews with Brian Krebs of the Washington Post.
Apple denied the problem existed, and threatened them - that's why this made the news. Compare this with the well-known similar flaw in some broadcom wireless chipsets (used by many vendors, including Dell & Linksys) that came out last fall. A fix came out, and the problem was solved.
Apple denied the problem existed because - and I'm not saying this can be proven, but it's what was said at the time - Maynor couldn't show Apple engineers who were at the conference how the exploit worked with the MacBook's integrated wireless; certainly not in any practical way. The fix Apple ended up deploying was essentially, from what I can tell, by applying Maynor's theoretical claims about the vulnerability and then independently discovering the vulnerability in their own code. Some might say that is enough. I'd argue that when you are a security researcher working under the guise of responsible disclosure for a reputable enterprise security research firm and telling the Washington Post directly and explicitly that the MacBook was vulnerable as-is with the stock integrated wireless, today, you have an OBLIGATION to give the vendor the information to solve the problem.
I take very serious exception to the "threat" issue. It was insinuated and implied that Apple "threatened" them. There is NO PROOF that ever occurred, and, on top of that, threatened them how? Legally? Physically? I mean, come on. An Apple engineer saying, "Uh, I don't think you should frame your demo this way...it could be bad news," if something like that occurred, isn't a "threat". And if Apple substantively threatened them in any other way, there will be proof...a letter, an email, a voicemail, anything. If someone is going to claim that Apple threatened them in any meaningful way "off the record", I'm sorry, but that's bullshit.
How Apple handled the problem is the issue. Similar to Oracle claiming that their database is "unbreakable". Oracle is a solid product, but certainly not unreakable.
No, nothing is unbreakable and Macs are vulnerable just like anything else.
squigglesquash,
I'm not apologizing for the behavior of the Mac fanboys afterward, and I already said that in one of my other posts.
But the very initial coverage stated that other WiFi drivers for similar chipsets on other platforms were already proven vulnerable. This wasn't some pie-in-the-sky theoretical claim; it was specifically stated that drivers Linux and Windows WERE vulnerable to the SAME exploit mechanism, and that the MacBook was chosen to just show that "Macs can be vulnerable too".
FUDing the story they way they did was wrong, but the damage was already done. If this were on Windows or Linux, this NEVER would have gotten picked up in the mainstream press. I say "mainstream" because that is an important distinction. The story was covered with none of the technical nuance or accuracy required, and left MILLIONS more people with the impression, even if only in passing, that "MacBooks" could be owned wirelessly in 30 seconds. Not any laptop. Not Windows. Not Linux. Just MacBooks.
If you can tell me how that's fair to Apple or how that helps Apple users, I'd appreciate it.
Also, I will say that the FUD reaction from the fanboy crowd did NOT help Apple users, and in fact did lasting damage to the Mac security situation. But if you can explain to me how the coverage, or saying that smug Mac users need lit cigarettes jammed in their eyes, or making it appear that the vulnerability ONLY affected MacBooks, or hiding the third party wireless card they used in the initial demo because of "responsible disclosure", but then immediately turning around and saying the integrated wireless in a MacBook was identically vulnerable - if you can explain to me how any of those "helped" the Mac community, I'd appreciate it.
Yes, it did get a huge reaction.
That was AFTER it had already been picked up by the press, including mainstream non-IT press, under sensationalist headlines, and with no mention in the article that anything BUT Apple's new flagship portable was affected.
This was in the first two days before there was any rabid or insane reaction that anyone in any of these news outlets knew about (except for maybe Krebs at the Washington Post, who seemed determined to give this story legs at any cost).
The story ran under headlines like "New Mac laptops vulnerable" and "MacBook hacked in 30 seconds - wirelessly". The story ran not only in the traditional IT rags, which sometimes had the journalistic accuracy to also say the vulnerability could affect other hardware platforms and OSes just the same, but in national mainstream press outlets, including AP, which gets picked up by hundreds and hundreds of local news papers and other local media, and gets seen by millions more people than will ever see anything in Network World or The Register.
All at a time when more people than ever were considering a move to Mac OS X after the switch to Intel. Their only takeaway as they scanned the morning paper or caught a segment on the local morning news? That the "MacBook" can be "taken over" in "30 seconds", wirelessly, and all without you knowing. Hmm, might as well stay with Windows after all.
So yeah...as I already noted in another post, the reaction from the Mac crowd was even worse, FUDing the story into oblivion. However, the initial coverage wasn't because of that. At all. In any way, shape or form. It was because a security vulnerability affecting Macs is interpreted by many to be BIG NEWS, whether they're the kind of journalist (as a few in the IT press are) who want to trumpet negative Apple stories, or just simply some guy at AP who sees it as a unique story. NONE of the original coverage, which was the only substantive coverage and what had already caused the damage, was because of the Mac fanboy reaction. Rather, it was the opposite.
This affected more than the just the chipsets and drivers in use in Apple laptops. It could be used in the same fashion on any affected chipset, potentially under various drivers on multiple OSes. The MacBook was just chosen as a point of principle to show that Macs, too, can be vulnerable to such attacks. This was noted in the initial coverage in the IT press at the time, but was quickly ignored in favor of a neverending flow of sensationalist articles claiming that any attacker could now easily take over MacBooks - and only MacBooks - at will in less than 30 seconds, and wirelessly to boot.
Unfortunately, the opposing storm of FUD was just as bad, making it appear that the whole wireless vulnerability was a hoax, when in reality it was probably one of the more important general WiFi/driver vulnerabilities in recent memory. The choice of how to disclose was extremely poorly managed, and to make statements to the effect that you essentially wanted to stick it to Mac users when working under the guise of a supposedly professional and reputable security firm was what caused the problems. He embarrassed the hell out of SecureWorks by ending up with a firestorm of press that was massively bad PR for Apple.
So what, you say? It was bad press for Apple, and ONLY Apple. No other vendor of manufacturer got nailed by this in any substantive way. With Apple having such low marketshare, how is it fair for only Apple to be targeted in press articles about this? Not Maynor's fault? No, not exactly, but some of his initial choices for handling are absolutely what led to the situation. I'm sure he had little idea this would occur and just got caught up in the world between security research and disclosure on one side, and corporations and mainstream media on the other.
Yes, it affected Apple, too, but It was a general "hack" that affected WiFi chipsets on other platforms, including non-Apple hardware, Windows, and Linux!
That's the whole point of why people took issue with this, and it's still being perpetuated here!
The way it was presented, even if Maynor didn't intend it as such, especially in all of the press coverage - first IT press, then mainstream, CNN, hundreds of local papers via AP, you name it - was that it was an "Apple" WiFi hack only, and that anyone could easily and quickly completely take over your MacBook remotely.
The stories just got repeated and regurgitated over and over, even though it was a flaw that affected a lot more than Apple; indeed, the most interesting thing about the vulnerability was its universal nature and applications!
Also, in the initial reports, Maynor and Ellch hid the brand and vendor of external wireless adapter they used for the demo because of, according to them, "responsible disclosure", but then had no problems saying the exploit worked identically on a stock MacBook. So if it was important to hide the brand of the wireless adapter they used for the demo, why was it not equally important to hide the fact that the chipset in a MacBook was vulnerable? How is it fair for this to appear as an exploit affecting only Apple, appearing under headlines like "MacBook hacked in 30 seconds - remotely via wireless!"
Given that Mac users apparently needed to have "lit cigarettes stuck in their eyes" - and whether that was a joke or not, I don't see how that's professional coming from someone who is a "security researcher" presenting findings under the guise of what purports to be a professional security outfit - it appeared that the choice to use a MacBook for the demo and the ensuing firestorm of publicity was done exactly for that reason.
Would this have been news if they had used a Dell or Lenovo laptop running Windows or Linux, even if they also still said that this affected multiple platforms, including Mac OS X?
Thanks for the followup. From the information posted and linked in the slashdot summary, it wasn't clear exactly how the paystub images were obtained, or the format they were in.
You are correct that Wisconsin is not like California; I wasn't implying it was similar in every legal respect. However, the information in my example is also completely public...but it's no longer publicly accessible on-demand on the internet, and there is no legal compulsion requiring the government - whether it is the state of Wisconsin or a municipality in California, under their respective laws - to provide it via the internet or in any particular fashion.
Note also that I didn't say that the images of the paystubs *certainly* weren't public, just that while (some of) the information *on* the paystubs may be public, it doesn't necessarily follow that images of the paystubs themselves are public. That aside, any copyright argument is indeed puzzling. My only point was that there was likely more to the story, and the city seemingly didn't intend for this document to be publicly accessible, without regard to the fact that any or all of the information *on* them is public; further, it sounds like at least some of the information isn't technically public, whether you obscured it or it wasn't legible. Even if it is due exclusively to their bumbling incompetence, if the document wasn't intended to be public, I believe the city has some standing to ask for the removal of content of the document, even if the lion's share of it is public information. Further, as I'm sure you're aware - and aside from what the city believes about minutia other than compensation on the pay stubs - any member of the public can still obtain compensation information on city officials if desired.
That was my only point: that it doesn't have to happen via the internet. Also, what would happen if you provided all of the information that is most certain to be public information from the pay stubs, but not the images of the pay stubs themselves? Is it your feeling that there would be a problem? If not, I don't see what the issue is, here.
1. No one declared employee compensation non-public.
2. Images of entire pay stubs are not necessarily (and probably aren't) public.
3. Any member of the public may still obtain compensation information about employees from the city.
(And love how the article is tagged "censorship"...)
Also, there is a lot of "public information" that isn't online and instantly searchable and accessible en masse. There are other issues here, which I'd hope someone who stops to think about it for a few moments can imagine.
And the bottom line is that anyone can still determine the compensation of a public employee if they wish to do so.
For example, the University of Wisconsin System made its budget summaries, including compensation - known as the Redbook available on the internet. However, now the personnel salaries are only accessible via computers with UW System IP addresses. Else,
Why? Because it was being abused. So now it's not universally available and publicly searchable on the internet. That doesn't mean the information still isn't "public". And before you say that the government's job should be to use technology to make access to such information easier, e.g., via putting on the internet, ask yourself if you'd want all information about you that is technically "public information" aggregated and made quickly and easily searchable by anyone on the internet on a whim, or if you'd rather that people have to actually have a legitimate need for specific pieces of information, and be willing to go through the processes to get it?
Would you want anyone to see images of your entire pay stubs, even if you work for a public agency and your compensation is "public"?
When things like the Redbook and Wisconsin Circuit Court Access became more restrictive, most of the complaints I heard over time were from people who could no longer do the essential equivalent of casual stalking of individuals' salaries and civil, criminal, and traffic court records. Persons who still have a legitimate need for it can still easily get access to the information, and any member of the public can easily obtain any information they might need.
Further, this case seems a little odd...if all of the pay stubs were available on the city's web site, why did they have to aggregate them all? They were already publicly available, right? Obviously the city didn't intend for them to be displayed or obtained the way they were, and regardless of how much "their fault" it was, how incompetent they were at running their web site, or whether it was a data leak, even if it it is "public information" doesn't mean it needs to be, or should be, aggregated en masse on a third party internet site.
Also, while the individuals' compensation may be public, actual images of pay stubs may not be at all (and probably isn't). Again, even if the city had this out in the open through their error, that still doesn't mean it should be fair game for everyone until the end of time, regardless of whether some of the content of the image is "public information". A mistake is a mistake. The city isn't filing charges against someone for "hacking"; they're asking that images of pay stubs of city employees be removed from the internet. The public can still discover the compensation of the employees if they wish,