The data block that was shared was not in itself personally ident infomation - that infomation was already held by the forum. The datablock itself was used to I.D. a particular phone, and according to the DPA's interpretive provisions, that infomation is not classified as personally identifiable. It would have become so had the forums administrator passed that infomation on to the Grandparent, but the flow of infomation went the other way (I.e, npi was given to someone who already possessed the pi), and was therefore not illegal.
This is, incidentally, the same workaround that allows someone to trace an I.P. address and report the owner of said I.P. address to their ISP - the I.P. address and access log timestamp on thier own are not personally identifiable, and only become so when given to the ISP - who alraedy has that infomation anyway.
That's not accurate - at least, not here in the UK. If my phone got stolen, I'd just drop into a local tesco's and pick up a replacement phone for £30 - and it costs me another 5, if that, to get my old phone number transferred to the new phone, or another ten or so to get a replacement sim card from my original provider. Either way, the service provider has lost money on the value of the phone. Yes, I know that some people will get their insurance company to pay for a new phone, but most of the time it's not worth the hassle.
Most phones stolen in the UK typically get exported to other countries where a $300 phone actually costs $300 - the phone will work on their networks and the gang that stole the phone can sell it on for $100-$150. It's an organised market and both the Police and the network operators are trying to put a stop to it, but short of setting up a new comms standard, there is only so much that can be done. As long as there is a market...
You say that, yet the data they cracked and searched was what was required to lookup the person's phone# against their posting IP#. That made anonymous posts identifiable
Not quite : The IP number and the Phone number were already related through the users forum account - you cannot invade someones privacy when they've already given you that infomation. You're right in that it's not that complicated; but it seems that you've still managed to misunderstand what actually happened.
Just to clarify : The encrypted data that was searched wasn't personal data, nor was it personally identifiable data. Essentially, it was a block list of version numbers and network keys, which are next to useless.
As my own reply to the GP states, the relavent legislation here in the UK is the DPA 1998, and the actions taken by MCD and their partner did not violate that legislation - hence, both legally and morally, there was no breach of privacy.
Bieng in the UK, the site would have to abide by the Data Protection Act 1998, which basically specifies what a company can and can't do with personal infomation.
Notably, the DPA applies only to personally identifiable infomation - given that it's not possible to identify someone from an I.P. number alone, nor an IMEI number, no laws were broken and what these guys did was perfectly legal.
That said, I can't find a notice on their site regarding the DPA, the data they collect, and what it's used for, so MaDoCo may be in breach of the DPA. That said, even big commercial sites like Amazon fail to include the required notices, so they're unlikely to suffer action over it.
I think you missed the point. Grandparent was giving the British definition of 'cunt' to an AC who I'm guessing was from the states, where the meaning is something different.
He/She was simply informing the misinformed - I doubt any of us would deny that 'Cocky' was a cunt by the british def.:)
That's exactly why I mentioned the 'they must know' thing. The access with the password they were given would have been legal here in the U.K. - But the moment they brute-forced the password files after the password changed, it became illegal.
what the modders work with could be called a rulebook. If you rewrite a rulebook, you end up with a different game, no?
The source code is something different, however. I guess you could call it the language that the rules were written in - there are some things you can say in English, for instance, that would be hard to say in Swahili (or, better geek example : Klingon.) Hence, bieng able to change the language that the rulebook is written in allows you even more freedom to change those rules.
Don't be too suprised if six months from now, you start seeing Quake 3 TC's doing all sorts of things that they simply couldn't do before. Aside, that is, from running on the bloody toaster.
The way these things tend to work is that if you annull someones user-priviledges on a fairly open network - as those on college or Uni campuses tend to be, the guy you're trying to punish ends up duping someone else into allowing them to use their account.
In a corperate environment, that's not a problem because someone who engages in that kind of activity gets a written warning and/or the sack. In a college tho', conditions are different and you can't apply the same ruleset.
I'm not sure what the legislation in the U.S. is with regards to unauthorised use of computers, but here in the U.K. the legislation is pretty watertight.
Under section 1 of the Computers Misuse Act 1990, if you gain access to a machine/program/data that you're not authorised to have access to, you can be imprisoned for 6 months or get hit with a class 5 fine. You're not liable if you didn't know that your access was unauthorised, which is a nice little safety net if your boss decides to revoke your network access but forgets to tell you.:)
Under section 3, if you change anything after getting access that penalty becomes a five year prison sentence, but again you have to know that you weren't supposed to be doing it.
In this case, It's pretty obvious that the kids knew that they weren't supposed to be messing around with the data, so why should the law apply any less to them than it would someone hacking into police databases? Laws are only worthwhile if they apply to everyone evenly, and if they don't they may as well not exist.
Again, I'm not sure what the U.S. legislation is with regards to this, but if anyone wishes to know what the legislation is over here, you can find the text of the Computers Misuse Act on the following link.
Note to self : Preview next time.
Wanted to add this : here in the UK we have a rating above 18, known as R18, which is used exclusively for pornography. Titles with that rating can only be sold in licensed 'sex shops'. I'm not kidding.
For those that aren't aware, here in the UK any rating issued by the BBFC is legally binding. Any store that sells a game to a customer below the rated age can be fined, and i believe the clerk can end up serving a prison sentence. Yeowch.
Titles rated by Pegi (the european equilavent of ELSPA) don't fall under such a law, but the kind of titles that most people might find offensive are covered by the BBFC anyway.
like video editing on your pc, then there's a real reason to think about capacity.
It can also be a help to artists and the likes (in particular 3d artists) that want all of their previous works on hand, instead of having to hunt through DVD's and the likes to find a particular file. Also kinda handy if you've got a big sample collection - save's a whole lot of disk swapping if you can just dump it onto a Hdd.
Meh, if a patent fails they just change the wording a little, hope the guy reading it doesn't have a clue, and try again. And again. And again. And again.
So reporting a patent that's been rejected is pretty pointless.
Didn't they revoke the common carrier status for ISP's?
With that in mind, the FCC could just force ISP's to block any non-compliant solutions that crop up, regardless of wether they are closed or open sourced.
Yeah, but it'd still be a loss of revenues, and arguably profit. Not only would it affect US customers, but other customers (ie, business) would switch to an competing provider that still had a U.S. service.
Double-whammy.
My guess is that Skype would do something with their U.S. based servers to allow the tapping against calls made to/from/within the US, but without affecting the rest of their service.
Of course, this is just speculation.
It's a contraction of 'although', so it's both the fore and aft that's bieng culled, and I was always taught to place the apostrophe at the fore under those conditions.
If I'm wrong to do so 'tho, then I'll take note of that in future....damn.
Umm, I can walk into a local Tesco's and buy a cellphone without having to register anything. They provide a card with the phone that you use to place credit on it (it swipes through the till like a loyalty card, they ask how much you want, and you pay, simple as that).
As long as you pay cash, they can't link that phone to you without having someone chase down your signal and see who's holding the phone.
It's not anonymous, in that the phone has a unique ID number, but at the same time it's not exactly traceable.
Slashdot Mirror
The data block that was shared was not in itself personally ident infomation - that infomation was already held by the forum. The datablock itself was used to I.D. a particular phone, and according to the DPA's interpretive provisions, that infomation is not classified as personally identifiable. It would have become so had the forums administrator passed that infomation on to the Grandparent, but the flow of infomation went the other way (I.e, npi was given to someone who already possessed the pi), and was therefore not illegal.
This is, incidentally, the same workaround that allows someone to trace an I.P. address and report the owner of said I.P. address to their ISP - the I.P. address and access log timestamp on thier own are not personally identifiable, and only become so when given to the ISP - who alraedy has that infomation anyway.
That's not accurate - at least, not here in the UK. If my phone got stolen, I'd just drop into a local tesco's and pick up a replacement phone for £30 - and it costs me another 5, if that, to get my old phone number transferred to the new phone, or another ten or so to get a replacement sim card from my original provider. Either way, the service provider has lost money on the value of the phone. Yes, I know that some people will get their insurance company to pay for a new phone, but most of the time it's not worth the hassle.
Most phones stolen in the UK typically get exported to other countries where a $300 phone actually costs $300 - the phone will work on their networks and the gang that stole the phone can sell it on for $100-$150. It's an organised market and both the Police and the network operators are trying to put a stop to it, but short of setting up a new comms standard, there is only so much that can be done. As long as there is a market...
Not quite : The IP number and the Phone number were already related through the users forum account - you cannot invade someones privacy when they've already given you that infomation. You're right in that it's not that complicated; but it seems that you've still managed to misunderstand what actually happened.
Just to clarify : The encrypted data that was searched wasn't personal data, nor was it personally identifiable data. Essentially, it was a block list of version numbers and network keys, which are next to useless.
As my own reply to the GP states, the relavent legislation here in the UK is the DPA 1998, and the actions taken by MCD and their partner did not violate that legislation - hence, both legally and morally, there was no breach of privacy.
Bieng in the UK, the site would have to abide by the Data Protection Act 1998, which basically specifies what a company can and can't do with personal infomation.
Notably, the DPA applies only to personally identifiable infomation - given that it's not possible to identify someone from an I.P. number alone, nor an IMEI number, no laws were broken and what these guys did was perfectly legal.
That said, I can't find a notice on their site regarding the DPA, the data they collect, and what it's used for, so MaDoCo may be in breach of the DPA. That said, even big commercial sites like Amazon fail to include the required notices, so they're unlikely to suffer action over it.
I think you missed the point. Grandparent was giving the British definition of 'cunt' to an AC who I'm guessing was from the states, where the meaning is something different. He/She was simply informing the misinformed - I doubt any of us would deny that 'Cocky' was a cunt by the british def. :)
That's exactly why I mentioned the 'they must know' thing. The access with the password they were given would have been legal here in the U.K. - But the moment they brute-forced the password files after the password changed, it became illegal.
what the modders work with could be called a rulebook. If you rewrite a rulebook, you end up with a different game, no?
The source code is something different, however. I guess you could call it the language that the rules were written in - there are some things you can say in English, for instance, that would be hard to say in Swahili (or, better geek example : Klingon.) Hence, bieng able to change the language that the rulebook is written in allows you even more freedom to change those rules.
Don't be too suprised if six months from now, you start seeing Quake 3 TC's doing all sorts of things that they simply couldn't do before. Aside, that is, from running on the bloody toaster.
The way these things tend to work is that if you annull someones user-priviledges on a fairly open network - as those on college or Uni campuses tend to be, the guy you're trying to punish ends up duping someone else into allowing them to use their account.
In a corperate environment, that's not a problem because someone who engages in that kind of activity gets a written warning and/or the sack. In a college tho', conditions are different and you can't apply the same ruleset.
Meh, i seem to recall that Dark was already faster than light.
No, don't look confused - it was a bad joke to begin with. The film I'm reffering to is 'Neverending Story II', not star wars. Sorry. >_
I'm not sure what the legislation in the U.S. is with regards to unauthorised use of computers, but here in the U.K. the legislation is pretty watertight.
:)
1 8_en_2.htm#mdiv1
Under section 1 of the Computers Misuse Act 1990, if you gain access to a machine/program/data that you're not authorised to have access to, you can be imprisoned for 6 months or get hit with a class 5 fine. You're not liable if you didn't know that your access was unauthorised, which is a nice little safety net if your boss decides to revoke your network access but forgets to tell you.
Under section 3, if you change anything after getting access that penalty becomes a five year prison sentence, but again you have to know that you weren't supposed to be doing it.
In this case, It's pretty obvious that the kids knew that they weren't supposed to be messing around with the data, so why should the law apply any less to them than it would someone hacking into police databases? Laws are only worthwhile if they apply to everyone evenly, and if they don't they may as well not exist.
Again, I'm not sure what the U.S. legislation is with regards to this, but if anyone wishes to know what the legislation is over here, you can find the text of the Computers Misuse Act on the following link.
http://www.opsi.gov.uk/acts/acts1990/Ukpga_199000
I was under the impression that most of us never go outside. Why the hell would we need to know what the weather's like? ;-)
They'll bait and steal the panther to sell it to some collector somewhere. *THEN* they'll steal the rest of your stuff. :/
Note to self : Preview next time. Wanted to add this : here in the UK we have a rating above 18, known as R18, which is used exclusively for pornography. Titles with that rating can only be sold in licensed 'sex shops'.
I'm not kidding.
For those that aren't aware, here in the UK any rating issued by the BBFC is legally binding. Any store that sells a game to a customer below the rated age can be fined, and i believe the clerk can end up serving a prison sentence. Yeowch.
Titles rated by Pegi (the european equilavent of ELSPA) don't fall under such a law, but the kind of titles that most people might find offensive are covered by the BBFC anyway.
Skype has a division working in silicon valley - they're actually hiring more staff atm. If I were the FCC, that'd be how i get to them.
like video editing on your pc, then there's a real reason to think about capacity.
It can also be a help to artists and the likes (in particular 3d artists) that want all of their previous works on hand, instead of having to hunt through DVD's and the likes to find a particular file.
Also kinda handy if you've got a big sample collection - save's a whole lot of disk swapping if you can just dump it onto a Hdd.
Meh, if a patent fails they just change the wording a little, hope the guy reading it doesn't have a clue, and try again. And again. And again. And again.
So reporting a patent that's been rejected is pretty pointless.
Didn't they revoke the common carrier status for ISP's?
With that in mind, the FCC could just force ISP's to block any non-compliant solutions that crop up, regardless of wether they are closed or open sourced.
Yeah, but it'd still be a loss of revenues, and arguably profit. Not only would it affect US customers, but other customers (ie, business) would switch to an competing provider that still had a U.S. service. Double-whammy. My guess is that Skype would do something with their U.S. based servers to allow the tapping against calls made to/from/within the US, but without affecting the rest of their service. Of course, this is just speculation.
The problem is that if they don't comply, the FCC can issue punitive measures on skype's operations within the U.S.
It's a contraction of 'although', so it's both the fore and aft that's bieng culled, and I was always taught to place the apostrophe at the fore under those conditions.
...damn.
If I'm wrong to do so 'tho, then I'll take note of that in future.
http://news.bbc.co.uk/1/hi/sci/tech/4134986.stm for those want a read, 'tho its only mentioned in passing.
Umm, I can walk into a local Tesco's and buy a cellphone without having to register anything. They provide a card with the phone that you use to place credit on it (it swipes through the till like a loyalty card, they ask how much you want, and you pay, simple as that). As long as you pay cash, they can't link that phone to you without having someone chase down your signal and see who's holding the phone. It's not anonymous, in that the phone has a unique ID number, but at the same time it's not exactly traceable.