decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
What was the real crime here? | 269 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
What was the real crime here?
Authored by: Anonymous on Tuesday, July 02 2013 @ 10:01 PM EDT
We don't know because it has not been adduced in evidence, how
AT&T decided that the device in question was an iPad and thus
redirected it to an address constructed with information queried
from that client. Spitler had an iPad, and made the observation.
Could anyone have found this flaw without an iPad?

I know, I know it's security by obscurity, IOW no security.
What was obtained? An email address. Is an email address
under US law a personal secret? Note that even with the email
address the perps could do no further harm on the AT&T site.
Any user getting to that page still had to login with a password.
(please skip the details of luser retaining the default password, etc)

The real crime here IMNSHO was that Auernheimer was a dweeb.
He had made loud dweeby noises in public about his deeds.
The Feds desperately need to publicly put down a dweeb.
It's two wrongs still not making a right.

[ Reply to This | Parent | # ]

True criminals?
Authored by: Anonymous on Tuesday, July 02 2013 @ 10:07 PM EDT
Once again the US persecutes someone for exposing a violation of the public trust while letting the true criminals go free

I'd agree with this characterization in a lot of cases, but who are you characterizing as "the true criminals" in this case? AT&T was incompetent with personal info. Are you arguing that make them criminal? And if so, under which law?

[ Reply to This | Parent | # ]

What was the real crime here?
Authored by: Anonymous on Wednesday, July 03 2013 @ 12:04 AM EDT
> No one would claim that the account number alone served as
both the username and password and was thus secure. That's
utterly ridiculous.

And yet that is exactly how Social Security numbers are
used....

[ Reply to This | Parent | # ]

What was the real crime here?
Authored by: Anonymous on Wednesday, July 03 2013 @ 03:34 AM EDT
AT&T openly published on the Internet the email addresses of 100,000 Apple
customers. Apple didn't check on AT&T's process to test best practices of
information management. Both of these rich and powerful corporations were
embarrassed by their negligence. Their natural course of action was to go after
the kid who read what they published and revealed their negligence, and make it
a crime after the fact holding themselves out as innocent victims of a nefarious
hacker with elite skills who penetrated their security and made off with the
goods. The simple fact is that the information was simply made public by
AT&T in error, they were negligent with the personal information of their
customers, and the kid committed no crime. In fact by bringing the security
issue to light he likely prevented a great deal of harm to those customers, as
some nefarious actor would have discovered the same problem eventually and done
harm with it before it was corrected. But he's still in prison. This abuse of
justice is why this law must be reformed.

[ Reply to This | Parent | # ]

What was the real crime here?
Authored by: cricketjeff on Wednesday, July 03 2013 @ 10:21 AM EDT
Actually I do not think the real criminals here were either the defendants or
AT&T but the prosecuting authorities.

There appears to be no penalty or jeopardy for overzealous officials in this
system. Putting an innocent man in jail by deliberately bending the law should
be an extremely serious offence.



---
There is nothing in life that doesn't look better after a good cup of tea.

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )