Slashdot Mirror


User: tlambert

tlambert's activity in the archive.

Stories: 0 · Comments: 5,097

Comments · 5,097

  1. You mean the *next* next NASCAR... on Drone Racing League Wants To Be the Next NASCAR (bloomberg.com) · · Score: 1

    You mean the *next* next NASCAR... I have it on good authority from 2005 that the Rocket Racing League is the *next* NASCAR.

    http://www.cnn.com/2005/TECH/s...

  2. You know that this would not have been a problem, had they had to store all the data on 5 1/4" floppy disks, right? The backup alarm on the semi truck would have been a dead giveaway...

  3. Re: Researchers! on Six Missing HDDs Contain Health Information of Nearly a Million Patients (corporate-ir.net) · · Score: 5, Interesting

    Researchers don't need SSN for patient. Just assign each patient a number and refer to them that way.

    The CS professional should have sanitized the data before releasing it.

    In this case, the intent was to use the lab results to ensure improved patient outcomes. This means that the data had to be trackable back to the patients that provided it, and then the lab results were to be fed back into the treatment of said patients.

    So this was technically not "human trials research", it was a bioinformatics business process to manage outcomes. As such, it's HIPAA protected, certainly -- but also, 100% personally identifiable.

    For the people I know who have bought private insurance, or participated in one of the exchanges, but not yet provided their social security number, there tends to be a lot of letters sent (on the order of one a month) from the insurer, asking for the social, nominally to inform the IRS of your insurance, with the implied threat that if you don't provide the social, the IRS is going to eat your babies.

    In other words: health care providers really, really like your social. Typically, according to people in the billing industry whom I also happen to know, it is so that when they screw up on their billing -- which they inevitably do -- they can send the bills to a collections agency easier, in order to damage your credit over their screwup, until you pay them for their inability to code a procedure "correctly" so the health insurance accepts the coding.

    So they had the socials, probably for not very good reasons, and they used them as an identifier for notionally very good reasons of unique correlation, and then they lost the data because they were idiots who don't routinely protect HIPAA data to the level required to allow them use of it in the first place.

  4. Re: Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 1

    From tlambert's explanation it is clear that people not only expect to be tracked under the circumstances that the lawyer described (phone on, SIM inserted), but know they can also be tracked if the SIM has been removed, and they'll let you know on Slashdot if you get that detail wrong.

    So basically, you are saying that because I know, and you've already used the term "aspi" (which is also not correct, BTW) to describe me, that therefore "everybody knows".

    Because, you argue, I'm not representative of normal people, yet you are using me to be representative of "everybody": "because tlambert knows, therefore everybody knows".

    So are you going to have your cake, or are you going to eat your cake?

    I guarantee you, if I were sitting in a jury room deciding on your case, I am just as capable of abusing an "IF NOT A THEN B" Aristotelian Mean to convince the jurors as you are capable of abusing one to treat a witness as hostile to force them to answer "yes" or "no", and then asking "Have you quit disseminating child pornography yet?".

    One of the major problems with lawyers -- and this is how they lose cases -- is that they always believe they are the smartest person in the room. So they believe people won't catch them in lies, like an assumed premise fallacy, or other bullshit abuses of illogic. And then they pull this kind of shit in front of a jury, and one of the jurors catches them out.

    There is a good reason we have so many people on a jury: even if the lawyer *is* the smartest person in the room (which is a hell of a stretch, but let's assume it as a working hypothesis, for the sake of argument), collectively, the jury is smarter, and at least one, if not more, jurors are going to catch them in any shenanigans they pull.

    And you know what pisses people off more than nearly anything you can do in front of them, short of kicking puppies? Being condescending in a way that makes it clear that you think they are stupid.

    Hans Reiser went to jail, not because they had the evidence to put him there, prior to his bargain to mitigate his sentence provided them with evidence, but because he was a smarmy, arrogant asshole, who made it clear to everyone that he felt he was the smartest guy in the room. He was convicted because no one on the jury liked him, and the judge let it stand, because there was a lot of (not entirely convincing) circumstantial evidence, and a couple (individually, not very credible) witnesses, and ... the judge didn't like him either.

    The "everybody knows" argument doesn't fly.

    As far as most people know, if they have their phone on "silent", they can't be tracked (if it can't be made to ring or vibrate on an emergency call from the babysitter or because mom's cat fell down the stairs, it must be "off", right?).

    In fact, I'd bet a lot of people who have older phones without a GPS don't think it can be tracked, because they think GPS actively transmits your location, rather than passively receiving information on its own location so that the device knows where it is, but unless it communicates it to someone else, or records it for later download, no one else gets to know where you are.

    I can't tell you how many times I've heard "Why can't they just put a GPS on it so they can find it?" when it comes to yet another Malaysian plane going missing. It's easier to counter this misinformation with more misinformation, rather than explaining: "Maybe they had an older phone; older phones don't have GPS".

    The "everybody knows" argument doesn't fly.

  5. Re: Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 1

    I'm not Hans Reiser. I'm also not writing an O.J. style "If I had done it" book...

    Me thinking that most lawyers are assholes because most congressmen are assholes (else why would they write the legislation they write?), and most congressmen are lawyers...

    The saving grace in the situation you mention, of course, is that *your* lawyer is *your* asshole. You want him to be better at it than the other guy's asshole.

  6. Re:Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 1

    I think law does not work the way you think it does.

    I think juries do not work the way you think they do. We are not all stupid sheep, to be led to your chosen conclusion which benefits your idiot client.

  7. Console games? on AMD: It's Time To Open Up the GPU (gpuopen.com) · · Score: 2, Funny

    Console games? You mean like "robots" and "nethack", right? 'Cause you run them on the console, rather than in graphics mode?

  8. Re:Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 1

    If the lawyer is wrong about his assertion of not being able to track with the SIM removed, he is likely wrong about his assertion that "everybody knows". If he can screw one thing up in a case which is, in theory, important to his client, then he's probably screwed up a bunch of stuff. One false piece of information, and his credibility is out the window. He can ask questions, but any information he himself offers -- such as the assertion that "everybody knows", or his client not needing a warrant -- is suspect.

  9. Re:Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 1

    I expect he might be ... disturbed.

    The word you're looking for is delighted, because you're arguing his case. Thanks to your testimony, it is clear that people know that there is no way to evade tracking, so using phones anyway is tacit approval of being tracked. Geeks think they're smart, but they're really just useful idiots.

    No, I called into question the veracity of his statement. Rather than saying "Objection, your honor! Prosecution is testifying!", and getting a disregard instruction that can never actually be really disregarded.

    Plus, you *can* turn some phones off. For example, doing a hard reset on an iPhone as if it were hung will turn it off (and require that you manually power it on again), unlike some phones which just keep the baseband on at all times. So for some phones: yes, you can stop the tracking. For other phones: no, you can not stop the tracking.

    P.S.: I was thrown off a jury once for knowing too much about phones. The judge allowed written jury questions, and in one of mine, I offered to demonstrate cloning the IMEI and SIM #'s for a phone to prove that the tracking was unreliable.

    P.P.S.: He'd probably be disturbed, if he was removing the SIM with the idea that it would prevent him being tracked visiting his mistress, and his wife getting half, as a result.

  10. Removing the SIM doesn't change the IMEI. on Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) · · Score: 4, Insightful

    Removing the SIM doesn't change the IMEI.

    Hailstorm tracks by IMEI; SIM data is incidental. Someone should demonstrate tracking him with his SIM removed. I expect he might be ... disturbed.

  11. Re:Just the social "justice" mentality at work. on Wikipedia Editors Revolt, Vote "No Confidence" In Newest Board Member (arstechnica.com) · · Score: 2

    I think GP just hates anybody who is part of the 1%. Not the 1.01%, or the 3.14159%, because they're part of the 99%. He just hates the 1%.

    Barron's Definition of the One Percent: "they have median annual household income of $750,000, median assets of $7.5 million, and there are 1.2 million of them across the country."

    Well, that definitely lets me out. It also lets out almost everyone else I know who was cheated out of higher wages due to wage-fixing. The lawsuit was, in fact, all about the cheating harming people who were *not* in the 1%.

    If he'd looked at my posting history, he'd know that I'm sympathetic with blue collar unemployment, but in my opinion, the blame lies directly on the backs of the people who gave MFN status to China, and who pushed the TPP through on "fast track", and then signed it. The market crash lies squarely on the backs of the people who created the CDOs and the Credit Default Swaps, and tied them to the doomed housing market so that when the housing market crashed, so did the financial market. The doomed housing market came about because of adjustable rate mortgages and mortgage backed securities, which in turn came about due to the Gramm–Leach–Bliley Act, which the U.S. had to pass (regardless, despite that Bernie is claiming to have opposed it) because the U.S. had entered into an international treaty with the E.U. The first domino after that was Credit Suisse acquiring First Boston.

    So go ahead and hate the 1%; a lot of the responsible parties are a part of that. A lot of them aren't. A lot of the 1% themselves aren't responsible parties for the problems (I know, let's blame billionaires we like, like John Kerry and Steve Jobs!).

    Kind of stupid and knee-jerk, if you ask me.

    P.S.: Thanks for the replies to the reply, or I wouldn't have seen it.

  12. Super old news; done for debt shedding. on San Francisco's Yellow Cab Files For Bankruptcy (cnn.com) · · Score: 5, Informative

    TL/DR version: Super old news; done for debt shedding.

    This was publicly announced 3 weeks ago, but it's been known for a month and a half (since 10 Dec 2015), when a letter was sent out to co-op members, and it was primarily done to shed debt, and because the coop (which is how it's organized) is not attracting new drivers; with a limited number of medallions, taxi coops compete to attract those with medallions. Yellow cab isn't doing as well in this as other companies and co-ops. Primarily they are losing medallioned drivers to Flywheel Taxi (formerly, DeSoto Cab) and Luxor Cab.

    "The bankruptcy filing will allow the co-op to shed its mounting debts."

    "Fewer drivers mean fewer profits for Yellow Cab, the co-op admitted in a letter to its members."

    "The company told the San Francisco Examiner its ridership numbers are healthy. But in a letter to shareholders obtained by the Examiner, Yellow Cab Co-Op President Pamela Martinez wrote that they must do more with less to survive."

    ^^^^---- note: not losing business to ride sharing services ----^^^^

    “In reality, we have the best color scheme there is in the world, we’ve got a lot of loyal customers, we still get a high volume of calls to our color scheme on a daily basis,” he [Jim Gillespie] said.

    "Financially, he said the straw that broke the camel’s back were a number of lawsuits which ended up hurting the company’s bottom line."

    "On background, multiple sources told the Examiner that cab companies are having a tough time hiring competent drivers and may be hiring drivers with spotty driving records. Gillespie denied this, but he did say the lawsuits were harmful to the co-op."

    http://www.sfexaminer.com/yell...

  13. Re:Just the social "justice" mentality at work. on Wikipedia Editors Revolt, Vote "No Confidence" In Newest Board Member (arstechnica.com) · · Score: 5, Informative

    This fits all of the traits of a typical social "justice" angerfest:

    1. Somebody does something that's actually quite minor. (Somebody gets appointed to a position of power. Or somebody mentions the word "dongle" to a friend. Or a police officer defends himself against a violent attacker who happens to have a different skin color.)

    The no-poaching agreement in which he was complicit cost me, personally, > $480,000.

    There are about 20,000 members of the class in the recently settled class action suit.

    You do the math, and tell me how again "quite minor" fits into it... Hint: it comes out to just under $10B, if my claim was about median.

  14. Re:NYC on Airbus Joins Uber For On-Demand Chopper Rides (thestack.com) · · Score: 1

    The cost of helicopters is related to things like fuel, [...]

    Haven't you heard, yet? Fuel is cheap again.

  15. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    At worst, they are an accessory before the fact.

  16. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    The provider has no requirement to investigate abusive traffic for criminal activity. Zero. None. zilch. That is the job of prosecutors. So all your arguments are nullified.

    Then at best, by operating said site, they have constructed a public nuisance.

  17. Sue the hosting provider? Seriously?

    Hosting provider gets notified that a client is using his account for criminal purposes. That is a violation of terms, so they ditch the client. "Criminal purposes" can be anything, so; Delete the files, could be warez or even child porn in there. The account might even be involved in an ongoing attack, so they had better get rid of it NOW.

    Do you have a hosting provider?

    What's your account there?

    You're not willing to post that information on Slashdot, because you'd have to be insane?

    *NOW* do you see the problem with a "delete all the data when a report comes in"?

    Better to treat it as a DMCA takedown notice, and throw it into dispute resolution, in case this is the electronic equivalent of SWATting...

  18. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.

    It depends on whether the safety we are referencing is "the safety of their property" or "the safety of themselves with regard to prosecution". If the latter, then all destruction of evidence would not be criminal. 8^)

    The points to consider are:

    (1) Was deleting the data necessary, or would it have been sufficient to off-line but retain it for a period, as their web site states that they do for delinquent accounts?

    The clear answer is that deletion was not necessary; data stored in off-line storage does not actively contribute to endangering themselves or their property.

    (2) Did they investigate sufficiently to determine that the data was in fact back-end data for ransomware?

    The clear outcome for either answer is:

    (A) If yes, then they surely knew that it constituted criminal evidence

    (B) If no, then they were dealing with an unsupported assertion, which should have been treated similarly to their DMCA dispute resolution policy

    They have some culpability.

    I suspect, unless they are running totally non-redundantly, with no backups, that the data is most probably recoverable.

  19. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    The example for your tirade is the big assumption that you made which is, I'm pretty certain, false - they are not necessarily duty bound, and I suspect you lack the information (and material assets to gain that information easily) to make such determinations.

    I was explicitly glib about their duty being to cover their own asses. I implied no other duty.

    Then I listed a number of legal theories under which their asses were not covered, including legal liabilities under the computer fraud and abuse act.

    I'll provide detail, but we should start with the fact that the data that was destroyed did not belong to the perpetrators of the ransomware, and neither did it belong to the hosting company: it belonged to those being ransomed. There is a vicarious responsibility and an implied custodial responsibility, given that the data was held in trust.

    We can start with the question "what is their procedure for data on their servers, when a customer becomes severely in arrears on paying for its storage: do they summarily delete it, or is it held in trust pending some time period and/or subsequent payment of the amount in arrears?" From their web site terms and conditions -- we see it is the latter.

    So now we have a theory to which we can apply the idea of "what is the policy on receipt and reply for dispute resolution to DMCA takedown notices?" We can reasonably conjecture that a report of illegal activity in one case, and a report of illegal activity in another, should fall under the same policies and procedures.

    Now let's argue the charges I suggested, when I suggested "throwing the book at them":

    The question on the contributory negligence must be whether or not they vet their customers to provide a best effort at having a priori that their customers will not use their service to perform illegal acts. If there is no such attempt, they are de facto negligent.

    The question in the particular case of the three sections cited of the act is not whether they had a priori knowledge of the illegal activities of the people engaging their services, but whether a posteriori, having been notified of said abuse, and the nature of the abuse, and nominally portraying themselves as IT professionals, they had a reasonable expectation that destroying said data, rather than merely off-lining it, would make the ransomware victims' data unrecoverable.

    We can take a vote among IT professionals here, or among JDs (I am not a JD; however, I have passed a bar exam without requesting admission to the bar), but I suspect that the consensus would be that there would be a reasonable expectation that they would be destroying the ability to recover the victims' data, by destroying the hosted data.

    That's the last three charges I listed covered with "a reasonable person knowledgeable in the field".

    Now, assuming they are adjudicated to be reasonably knowledgeable in the field in which their business operates...

    Was destroying the data a posteriori to the notification a "cover our asses on involvement" act, or was it a tacit admission that they have been defrauding their other customers by claiming expertise they did not have?

    The best way to put this into evidence would be to just put the claims on their corporate web site at the time of the event into evidence.

    At which point it now becomes necessary to explain the deletion of the information, if they knew it was being used for ransomware.

    It constituted, at the very least, evidence for which there was a likely criminal investigation which would take place; if there was said knowledge, then that justifies the tampering with evidence and spoliation of evidence charges.

    Additionally, that knowledge means that by deleting that data, they committed, at least in theory, one of two acts:

    (1) If the intent of those operating the ransomware was to use the data stored on the service, then deletion of the hosted data did in fact result in prop

  20. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    tlambert: I can certainly see why you're not a prosecutor.

    Yes, me too.

    Activist prosecutors do not last long, when they try to make points regarding social parity between how the legal system treats companies vs. how the legal system treats people who make political statements regarding publicly funded research.

    Here's hoping that that hosting service was the one backing the ransomware that just cost three banks in India millions of dollars...

    http://yro.slashdot.org/story/...

  21. The California Franchise Tax Board has Ombudsmen on Privacy Ombudsman Could Handle EU Complaints About US Surveillance (betanews.com) · · Score: 1, Informative

    The California Franchise Tax Board has Ombudsmen.

    Being paid by the state, you can guess their answer when you raise a grievance against the state...

  22. Re:Didn't stop the Aaron Swartz prosecutors... on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    Aaron Swartz was a pretty unusual case. He illegally hid his download server in an MIT wiring closet, he kept overwhelming MIT's connections to JSTOR and causing JSTOR to flake out, dealing considerable and much more measurable damage to thousands of people's work,

    That was arguably a problem. Like the original Morris worm, having a bug in the code making it go runaway to the point of a denial of service is problematic; would you feel that it was still a problem if the approach did not have this bug?

    Given that this was arguably an analogous bug, with similar impact, and the Morris penalty was 3 years of probation, 400 hours of community service, and a $10,500 fine ... would you have been seeking the same penalty against Swartz, instead of the absurd penalty they were going for, to force a plea?

    and he was trying to steal *all of JSTOR*, especially the indexes and cross-references that make JSTOR useful.

    Well, he was trying to copy it. Not steal it. JSTOR would still have had use of the information themselves, so it's not like he was depriving them of the data. Unlike in the case of the ransomware, where the victims were deprived of the data, and the hosting provider deleted the recovery keys, making the deprivation permanent instead of temporary.

    [...] and hold forth on how "information should be free" while I steal Terabytes of other people's hard work".

    Practically speaking, JSTOR stole the results of publicly funded research and hid it behind a paywall. While it's arguable that JSTOR also contains work that was not publicly funded, to the extent it was publicly funded, the information belongs in the commons, and not to JSTOR, and any member of the public had rights to the data.

    So again: would you feel that it was still a problem if the approach did not have the denial of service bug, and assuming he only grabbed the information that was derived via the support of public money?

  23. Didn't stop the Aaron Swartz prosecutors... on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: 1

    Because if you'd graduated law school, or just taken a few classes for that matter, you'd know enough to be able to look in to relevant laws and see why your list is a crock that wouldn't hold up.

    Didn't stop the Aaron Swartz prosecutors... did it?

    The point is to engage in malicious prosecution when some asshole intentionally destroys information that could have recovered people's data.

    In point of fact, you don't really want it to hold up; you want to settle for a fine, the amount to be determined by whether they actually destroyed the data, or just are saying they destroyed the data because it would be a royal pain in the ass for them to recover it. The difference in the fine should reflect *how much of a pain in the ass* it would be to recover the data and make it available, plus $1.

    Then you gag order it, and announce "they settled for an undisclosed amount". This could be the classic "$1 and other valuable considerations", with said considerations being "helped recover everyone's data that could be recovered".

    And in the process, you scare the shit out of the next company who's informed that their storage is being used like this, and instead of destroying the data, they just offline it so the bad guys can no longer get to it, but the good guys can. It's not like a 3TB disk -- and it was likely not that much data -- would have cost them more than $100, and they could have just off-lined all the data for future reference.

    Jesus Christ! Admit deleting it was a stupid thing to do, already!

    It's not like the owners of some data that gets reported the same way in the future might not come back and say "Hey guys, we've just had our account SWAT'ted by an asshole who is trying to destroy our business, here's our credentials, please restore our data! Thanks!".

    Right now, if they *aren't* somehow publicly humiliated for the deletion, it opens the gate for anyone who wants to *really* fuck over *any* business that happens to be using cloud storage at a hosting service, just by lying about what the cloud is being used for, and having the service *fucking* delete all their data.

  24. Re: Victims should sue on Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) · · Score: -1, Troll

    "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities. "

    Duty bound? What duty is that?

    The duty to cover their asses, among other things.

    If I were a prosecutor, I would in fact charge them with:

    * Tampering with evidence
    * Accessory after the fact
    * Property damage
    * Contributory negligence
    * Aiding and abetting
    * Spoliation of evidence
    * (a)(5)(A) of the Computer Fraud and Abuse Act (fine and/or imprisonment for up to 10 years)
    * (a)(5)(C) of the Computer Fraud and Abuse Act (fine and/or imprisonment for up to 1 year)
    * (j)(2) of the Computer Fraud and Abuse Act (forfeiture of the computer systems involved and any hosting proceeds)

    I'd also suggest civil action by those harmed, as provided for in section (g) of the Computer Fraud and Abuse Act.

  25. Re:You've made your point...now shut it down. on IoT Security Is So Bad, There's a Search Engine For Sleeping Kids (arstechnica.com) · · Score: 2

    Yours is public and visible --- and it has a deliberately provocative name. You can't search Google for Shodan and miss the connection.

    The malevolent AI villain in System Shock 2? I fail to see the connection...

    You've made your point...now shut it down.

    Yes. They've made their point. Now it's the job of the manufacturer to shut it down, since people anywhere on the planet can run a similar service, and there's not dick you can do about it without a policing treaty, an extradition treaty, and a willingness to spend a lot of money following up the events.