The War On Computing: What Happens When Authorities Don't Understand Technology

from the here-we-go dept

We've obviously been covering a lot about Aaron Swartz lately, but his case is really just one of many similar cases involving people in positions of authority who simply don't understand basic technology, but feel that something must be illegal because they try to overlay an analog view on a digital world. In the Swartz case, Carmen Ortiz famously used the incredibly misguided and misleading "stealing is stealing" concept. However, as Cory Doctorow has been fond of pointing out lately, we're entering a war on general purpose computing, and this is just one battle front.

Two other recent skirmishes show the same sorts of things happening in slightly different contexts. A few months ago, we wrote about the case of Andrew Auernheimer, the security researcher who's been convicted and likely to face a long period of time in jail for exposing a blatant security hole from AT&T that allowed him (and anyone else) to gather personal data on the owners of any iOS device. Remember, AT&T set up some stupid security, making all of this data public via its own API. Now about to be sentenced, Auernheimer was asked to write up a "statement of responsibility" for the court, and chose to do a blog post in which he calls out what a farce the whole situation is:
The facts: AT&T admitted, at trial, that they “published” this data. Their words. Public-facing, programmatic accesses of APIs happen upwards of a trillion times per day. Twitter broke 13 billion on their API ages ago. This is something that happens more than the entire population of Earth, daily. The government has no problem with this up until you transform the output into something offensive to important people. People with “disruptive” startups, this is your fair warning: They are coming for you next.

The other one of my prosecutors, Zach Intrater, said that a comment I made about Goatse Security, my information security working group, starting a certification process to declare systems “goatse tight” was evidence of my intent to personally profit. For those not in on the joke: Goatse is an Internet meme referencing a man holding open his anus very widely. The mind reels.

I can’t survive like this. I am happy to be hitting a prison cell soon. They ruined my business. The feds get approval of who I can work for or with: they rejected one company because the CEO had a social network profile with an occupation listed as “hacker.” They prohibit me from touching any computer that isn’t federally monitored. I do my best to slang Perl code on an Android device to comply with my bail conditions. It isn’t pretty.
Meanwhile, up in Canada, there's been a fair bit of talk about how Dawson College computer science student Ahmed Al-Khabaz was expelled for discovering a security hole in a system used across many Canadian colleges to store personal data of students. In his case, part of the problem was that, after alerting people to the hole, he went back a few days later to run a script to see if they had closed the hole. This caused the company that managed the system to accuse him of criminal activity:
“It was Edouard Taza, the president of Skytech. He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack. I apologized, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed. He told me that I could go to jail for six to twelve months for what I had just done and if I didn’t agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement.”
Even with the signed agreement, Dawson expelled him. While Dawson stands by its decision, the company Skytech says that it's now offered to hire him part time.

Yes, in all three of these cases you can make a case that what the individual did went further than others would go. Some might call it discourteous. Swartz downloaded a lot more than the system intended, even though the network was open and the terms allowed for unlimited downloads. Auernheimer didn't just find the hole, but he scraped a bunch of data and sent some of it off to a reporter. Al-Khabaz didn't just find the security hole, but he also went back and probed the system again later. But, in the context of someone who lives in this kind of world and understands technology, all three represent completely natural behavior. If the technology allows it, why not probe the system and see what comes out? It's the natural curiosity of a young and insightful mind, looking to see what information is there. When it's made available, how do you not then seek to access it?

But there is a fundamental disconnect between an older, non-digital generation who doesn't get this. They think in terms of walls and locks, and clear delineations. The younger generation, the digital native, net savvy generation looks at all of this as information that is available and accessible. The limitation is merely what they can reach with their computer. But this isn't a bad thing -- this is how we discover new things and build and learn. Treating that as criminal behavior is insane and backwards. It's trying to apply an analog concept to a digital world, and then criminalizing exactly what the system allows and what we should be encouraging people to do -- to push the network, to explore, to learn and to access information.

This is a culture clash, of sorts, but it represents a real problem, when we're criminalizing the most curious and adept computer savvy folks out there.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 12:25pm

    War of Attrition...

    They eventually lose as the older generation eventually dies off and the newer generation completely takes over.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      droozilla (profile), Jan 23rd, 2013 @ 12:30pm

      Re: War of Attrition...

      Well, these people need to hurry up and die then, because I'm tired of reading about this ridiculous shit.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        :Lobo Santo (profile), Jan 23rd, 2013 @ 12:49pm

        Re: Re: War of Attrition...

        Sadly, the life-spans of the wealthy and powerful are around, what, 90+ years nowadays?

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          John Doe, Jan 23rd, 2013 @ 12:51pm

          Re: Re: Re: War of Attrition...

          Add to it that they hand the reins to their offspring who, more often than not, continue down their parents path.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jan 23rd, 2013 @ 1:54pm

            Re: Re: Re: Re: War of Attrition...

            That is another issue altogether that I wasn't really trying to address. I was merely commenting on those that are of the older generation in power that simply "don't get technology." They will die off and be replaced by those that do. Then there are those that DO get it, have wealth and power but act like they don't get it because they are selfish bastards, that is a whole different ball of wax. Those people just have to be taken down by overwhelming force.

             

            reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 23rd, 2013 @ 1:04pm

        Re: Re: War of Attrition...

        By time they die off they have all kinds of draconian laws locked in place that it takes decades to dispose of if they are ever disposed of.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      weneedhelp (profile), Jan 23rd, 2013 @ 12:54pm

      Re: War of Attrition...

      The poverty of philosophy excerpt:
      The problem with always being a conformist is that when you try to change the system from within, it's not you who changes the system; it's the system that will eventually change you. There is usually nothing wrong with compromise in a situation, but compromising yourself in a situation is another story completely, and I have seen this happen long enough in the few years that I've been alive to know that it's a serious problem. - Immortal Technique

      All too common in politics. Look at Arnold Schwarzenegger as a perfect example.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Hephaestus (profile), Jan 23rd, 2013 @ 1:10pm

      Re: War of Attrition...

      Immortality is about 10 to 20 years out. We may be stuck with them forever ...

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      art guerrilla (profile), Jan 23rd, 2013 @ 1:33pm

      Re: War of Attrition...

      um, you are assuming we have some sort of de-mo-cra-cy where the people's will is heard and acted upon...
      how quaint...

      i know most kampers realize this by now: but it don't matter what us 99% think/feel/want; the 1% have us by the short and curlies, and ain't no one want to do what it takes to break free...

      thus, billions of old farts dying out who condone -or approve of- the authoritarianism we are held in thrall to, will not put a dent in the system...

      only when the 1% are dealt with as they deserve, will we be able to reclaim our system of gummint...

      based on a true story...

      art guerrilla
      aka ann archy
      eof

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 2:50pm

      Re: War of Attrition...

      The old(culture) only dies if the new(culture) becomes the norm.

      This is not about people is about culture.

      Young people with old culture is not new.

      The "generation" is a cultural thing, if you don't change the culture the generations will all be the same.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 12:31pm

    We are criminalising the "natural curiosity of young and insightful minds" because a government fears nothing more than an informed populace.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 12:35pm

      Re:

      Obvious Solution: Lock that information up behind a wall that repels the innocent.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 1:58pm

      Re:

      I don't think it's the government that fears an informed populace. It's those who control the government that fear them. Those in government are just accepting their bribes because the uninformed populace lets them get away with it most of the time.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      dmogle, Jan 24th, 2013 @ 7:16am

      Response to: Anonymous Coward on Jan 23rd, 2013 @ 12:31pm

      Yes, this exactly. Tech exists for the populous to consume more faster, no other reason. Anyone who does or says otherwise is a dangerous criminal.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 12:33pm

    exactly the same as happens when they dont understand anything else. it's locked down, new laws are introduced that are business compliant and privacy and freedom are taken away from the people. usual shit that keeps anyone apart from the people to be in control!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 12:40pm

    America is weird: http://hackforchange.org/

    National Day of Civic Hacking is a national event that will take place June 1-2, 2013, in cities across the nation. The event will bring together citizens, software developers, and entrepreneurs from all over the nation to collaboratively create, build, and invent new solutions using publicly-released data, code and technology to solve challenges relevant to our neighborhoods, our cities, our states and our country. National Day of Civic Hacking will provide citizens an opportunity to do what is most quintessentially American: roll up our sleeves, get involved and work together to improve our society.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    weneedhelp (profile), Jan 23rd, 2013 @ 12:45pm

    The younger generation

    Define old. I am 43 and understand it perfectly. A lot of my co-workers are at my age or older.

    "natural curiosity of young and insightful minds" - I would have done the same thing. Dont think it is age at all.

    "disconnect between an older, non-digital generation" - My wife is anti-technology. She was just saying how funny it was that some of her elderly patients, one in particular is 80, were happily using their kindles & ipads while she has never been on twitter or even Ebay. She is 37.

    Some ppl just draw a line in the sand and bury their heads behind it.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 1:15pm

      Re: The younger generation

      This, ever-so-hard.

      I'm in my early 30's. Until a few years ago, where she was finally forced to use a computer at work, my mom would literally break out in a cold sweat if she was sat down in front of a computer. She's had a cell phone for at least 10 years, and just last year, finally figured out how to use voicemail. Her, and people like her proudly exclaim how little they know about any technology.

      My dad got a computer about 15 years ago for work, has tooled around here and there for things he wants it to do, asks me questions, learns what he needs/wants to know about them, and incorporates them into his life to make it better. He got a droid recently for the same reason. He may not know nearly as much as I do, but if there's something that will improve on his life, he's glad to know about it and keep learning, despite his age.

      Flip-side, I was in college late 90's/early 00's. Freshman year, I had to go help someone down the hall because neither of the people who lived in the room could figure out how to save a file to a floppy disk (and yes, at that point, those were still being quite heavily used for small file transfers)...not because they were so far beyond floppies, but because they had never done anything like that, and a professor was asking for an assignment to be submitted either that way or via e-mail. To this day, I have friends who, if I mention anything more than the absolute most basic thing possible to do with technology, their eyes glaze over and it looks like I'm speaking a foreign language to them.

      If I have a question on how to do something or how something works, I ask experts, do research, learn. I don't think that will ever change. I guarantee you, the people who are not willing/are unable to put in time/effort to learn now, were the same way at age 25.

      Age has NOTHING to do with this. Intelligence and the desire to learn and grow has EVERYTHING to do with this.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Rikuo (profile), Jan 23rd, 2013 @ 1:20pm

        Re: Re: The younger generation

        Oh god, the number of times I've gone through the same thing. It's like they're thinking that all this technology needs some sort of super mind in order to work, and they deliberately say to themselves and to me, that they can't figure it out. They intentionally sell themselves short and don't even want to take the effort to learn, to even try.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        dennis deems, Jan 23rd, 2013 @ 1:44pm

        Re: Re: The younger generation

        Intelligence and the desire to learn and grow has EVERYTHING to do with this.
        Plenty of people who are highly intelligent and posses a keen appetite for learning don't have any desire to learn about computers because *gasp* they don't give a damn about computers.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Not an Electronic Rodent (profile), Jan 23rd, 2013 @ 2:57pm

          Re: Re: Re: The younger generation

          because *gasp* they don't give a damn about computers.
          Which was fine 20 years ago... maybe even 10. But now computers, networking and data are a fundamental part of life in the western world at least. Saying "I don't give a damn about computers" is like saying saying "I don't need to know how to add up because I have this calculator" was then.
          Sure you can live without knowing, but the number of occasions where it's gonna bite you on the arse is way too big to be ignored if you have any sense.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          athe, Jan 23rd, 2013 @ 5:53pm

          Re: Re: Re: The younger generation

          When the people who are making or using the laws around computers and computing "don't give a damn", that's where the problem lies...

           

          reply to this | link to this | view in chronology ]

    •  
      icon
      jupiterkansas (profile), Jan 23rd, 2013 @ 1:17pm

      Re: The younger generation

      I'm 43 too and I understand it, but a lot of people my age don't. I grew up with computers but not everyone did. They're still mystery machines to them and they can barely operate them. They just assume hacking is illegal and the source of all their spam.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        weneedhelp - not signed in, Jan 23rd, 2013 @ 9:03pm

        Re: Re: The younger generation

        I didnt grow up around computers. I got into them when my mom got one and then the aol disk came in the mail. So i connected to this internet thing, and like every young man with a healthy libido I did my first web search... boobs. Well we all know what happens when searching p0rn, I hit that one website and blammo. Unending popup windows until the machine ran out of memory and crashed. Well I had to fix it before mom found out i blew up her new HP surfing porn.

        In a long winded way I am saying it is a personality type that determines one's drive. In that instant I didn't know or even have any interest in computers. I just knew when turned on the computer acted funny spawning windows on its own and I had to fix it to save face. It wasn't until I had cleaned that machine and it acted normal again that maybe this computer thing should be something I look in to. At that point, for me, computers had all the fun of tinkering and fixing, without all the manual labor and dirt of tinkering with cars, motorcycles, and construction.

        So it is in my opinion, that the personality type that goes into politics is not of the type that likes to tinker. They would never work in construction, or do anything that took physical labor and logical thinking. (Not all but most) And the ones that do know better don't dare cross a party line or jeopardize their bribes... er campaign contributions. (See above comment)

        I think a lot of users fall into that category.
        I think there are a lot that do have the ability, but have no interest in computers or how they work. They can understand just fine. I see light bulb moments everyday. When you explain something to someone you look at and think oh S, they will never get it, and they do quite well. And then there are the static moments where you explain something to a user and all you see in their eyes is static like an off channel. Funny thing is I have noticed in our user base is that it happens more with 20 - 30 somethings. I was responsible for our RSA rollout to end users and had a much easier time with those over 30 than under.


        Sorry to be so long winded but I had a special event to support today and was busy from 9:30AM until 10:45PM. I didnt get my fix of TD for the day.

        One thing is for sure, if silicon valley poured as much money into br... campaign contributions as Hollyweird did we wouldnt have much to talk about here. G'nite all.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          jupiterkansas (profile), Jan 24th, 2013 @ 8:34am

          Re: Re: Re: The younger generation

          My impression of politicians is they spend most of their time meeting people and attending high-profile events, and the rest of their time I suppose studying law.

          I don't mind that they do that, actually, but then they run around pretending they know a lot about everything.

          Their job is to pass laws. The purpose of most laws is to make some activity illegal. So they must constantly look for activities to make illegal to justify their jobs.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            weneedhelp (profile), Jan 24th, 2013 @ 12:16pm

            Re: Re: Re: Re: The younger generation

            "the rest of their time I suppose studying law" My impression of them is that they spend most of their time meeting people and attending high-profile events collecting checks, and the rest of their time spending them.

            We know they pass stuff without reading it.

             

            reply to this | link to this | view in chronology ]

      •  
        icon
        Ole Juul (profile), Feb 1st, 2013 @ 1:25am

        Re: Re: The younger generation

        I'm approaching 70 and I don't have a problem with computers, though I suppose I'm a bit of a Luddite for preferring the command line when possible, and never having used Windows or Mac. I think the perspective on age depends on who you hang out with. None of the younger people around me know anything about computers beyond applications and most of the old farts I hang with on the net are retired computer professionals. My obviously skewed perspective is because of my current environment. I have a feeling that some of the rudeness shown towards us old folks is from people who, like me, don't get out much, but just have a different social environment. Is ignorance really about age? I don't think so.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Gwiz (profile), Jan 23rd, 2013 @ 1:30pm

      Re: The younger generation

      "natural curiosity of young and insightful minds" - I would have done the same thing. Dont think it is age at all.

      I agree. And I am flirting with the big 5-0 (two years from now).

      I have always pushed whatever technology I have in my possession to the limits - for no other reason than to actually learn the limits of what I can do with it (I've yet to see any manual or other info that really lists this type of info truthfully for any technology). Many of the things in this article are things I have done or came close to doing in my life.

      Geez, even when I play computer games, the fun for me comes from exposing programming flaws and using them to my advantage. That IS part of the gaming experience for me.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 1:01pm

    Indeed

    Yeah, old people don't understand that there's also a requirement for the developer to apply security practices.

    And yes, Data Breaches will unfortunately continue... When I was in Los Angeles, I had an opportunity to design a iPad/Web-enabled application to HIPPA standards. It was to be deployed in conjunction with a California Department of Health contract, particularly filling a Medicaid requirement.

    Now, I had designed and deployed on a HIPPA project prior to this- built a CRM tool to HIPPA standards, and was also familiar with technical APIs and database table-level AES encryption requirements, encryption key rotation, authentication, auditing requirements, as well as million-dollar fines for a breach. I included this in the Statement of Work and application design for some Medicaid or Medicare program, so I was sure it'd be audited.

    The client I worked with said the application didn't need these types of security or auditing mechanisms and said "Why are you so worried about security?" even after disclosing potential fines. We had further exchanges, but the application the client desired would still would not be compliant to Federal HIPPA regulations. Yes, they desired a simple records-management tool, but technical requirements surrounding HIPPA dictate the spec too!


    I ultimately turned down the contract due to risk surrounding a potential breach, and I couldn't afford some opportunistic, and underemployed Hollywood Attorney trying to get a free lawsuit.

    I imagine Skilled Wound Care found a designer to build it to their spec, but after several discussions, including hosting in a DoD-compliant facility, from a recommendation of a former colleague, that also provided physical security, the price for HIPPA-certifable compliance, and security, was higher than expected, but being awarded a contract from a state or federal agency, which should be compliant, is important as well.

    So I kinda feel like I need to share that HIPPA programs are important, and so is technology, because often times people will call a $15/hour Geeksquad idiot to tell them how to make something secure.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 1:05pm

    This is people in power trying to implement security by force. It is cheaper to use the law to protect a system, or at least prevent public disclosure of flaws, that to actually pay for someone to audit and secure a system against accidents. A few high profile cases wioth serious prison time will stop other from revealing the flaws that they find to anyone, and keep them from using them.
    These people do not try to understand technology because they believe that their word is law, and that their power will scare people away from doing anything that might annoy them. Emperors and new clothes sums up their attitudes.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      JEDIDIAH, Jan 23rd, 2013 @ 1:19pm

      The law of unintended consequences.

      This nonsense won't prevent exploits. It will just discourage what you might call cyber-journalism. People will not disclose the results of their investigations. In the end, only those with ill intentions will be aware of these flaws.

      Only the white hats will go away.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 23rd, 2013 @ 2:05pm

        Re: The law of unintended consequences.

        I did not say it was sensible or that it would work, it is terrorism applied to protecting business. For example DRM has a flaw, the customer and the attacker are the same person, and they are given the encrypted data and the decryption key. The DMCA is then used to protect this flawed model by threatening criminal sanctions for breaking DRM.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 23rd, 2013 @ 2:13pm

        Re: The law of unintended consequences.

        Which is, once again, part of the problem: driving legitimate users testing security, and letting the real criminals get away, because the management/supervisors of the system do not understand it.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Jeffrey Nonken (profile), Jan 23rd, 2013 @ 1:12pm

    "...try to overlay an analog view on a digital world."

    I've had people tell me, straight-faced, that they got better bass response using high-quality AC3 cables than cheap ones.

    ...


    So. This morning I was looking at an online photo a customer had sent of a competitor's product, a direct link to the competitor's website. Curious, I tried to view more pictures by removing the filename from the end of the URL. It didn't work, I got an error page; so I backed out to the homepage, from where I was able to find the gallery.

    OMG did I just hack their website?!

    Some people apparently think so. Sometimes that trick works if the site's administrators haven't locked out the ability to view file directories. Sometimes it doesn't. But is it hacking? Seems to me I vaguely remember some people being prosecuted for doing similar things.

    It's not a hack, and it's a natural thing to try if you're just trying to find what files are available. Sometimes it's allowed me to, for example, find documents that were intended to be available, but were mis-named on the site's html, or its name generation code was broken, or some such. Is it hacking then?

    Probably. Anything you try that doesn't have a direct stamp of approval from every level of government is hacking, if somebody gets irritated.

    We've gone from an open society to a permission-based society. Instead of "all is permitted unless prohibited" it's now "all is prohibited unless permitted." Goes nicely with our change from "innocent until proven guilty" to "guilty until proven innocent." Or more like "guilty if accused." Proving innocence doesn't seem to do anything except piss off the government that's of the politicians, by the politicians and for the rich.

    Sorry for the rant, I'm in a bad mood.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 1:18pm

      Re:

      Well, shit. If that's hacking, then lock me up. Almost anytime I get a link like that, the first thing I do is check out what happens if I back out to the main page, to see what kind of site I was actually being linked to, and what else they host.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jan 23rd, 2013 @ 2:29pm

      Re:

      This is common practice, and despite what some people in power seem to think isn't hacking.

      A URL is a request that can easily be denied. It's knocking on the door, not breaking and entering.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      weneedhelp - not signed in, Jan 23rd, 2013 @ 9:19pm

      Re:

      Love rants they bring out statements like this:

      Instead of "all is permitted unless prohibited" it's now "all is prohibited unless permitted."

      Couldn't be more sad but true.

      "But is it hacking?" - If an admin has not prohibited directory browsing then no. It is a feature that has not been turned off. If I was ever brought to court on something so absurd it would be easy to show a jury or judge how to turn that feature off. Just bring a laptop with (in my case I run my website on win2008 server and IIS) IIS on it and do it in front of them.

      Rant away brother, rant away. Feels so much better when you get it out.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Ben, Jan 27th, 2013 @ 8:18pm

        Re: Re:

        Here is how it will go:

        Members of the jury I will now show you how easy it is for a system administrator to turn option xyz off.

        Open the Start Menu, go into the Administrative Tools Menu.

        (*gasp* from the jury, but.. but.. that menu is only for the Administrators).

        Load "Internet Information Services (IIS) Manager".

        (*the jury immediately classifies anyone who can make sense of all those icons and their scary sounding captions like 'Output Caching' 'Worker Processes', '.NET Trust Levels' as a technical Gandalf or a hacking Sauron and you're on trial so you're not dressed in white *)

        Drill down into MachineName/Sites/Default Web Site, click on ...

        (* the jury have already decided that this is not something that a normal web site administrator could ever be expected to know. Furthermore your dark arts are so powerful that they should immediately call for double the maximum penalty because the people who set the maximum could never have imagined that someone so dangerous could exist on this earth *)

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Ben (profile), Jan 23rd, 2013 @ 1:15pm

    Prior knowledge?

    " If the technology allows it, why not probe the system and see what comes out? It's the natural curiosity of a young and insightful mind, looking to see what information is there. When it's made available, how do you not then seek to access it?"
    Moreover, these prosecutors often act as if there are clear lines for what is appropriate behavior, when in reality the only boundaries are those made in trial. Especially given the opacity of most ToS, it should not surprise anyone that it is actually easier to just try something than to understand the ToS. If these prosecutions are good for anything, it is to highlight the stark differences between a world with natural, (generally) inviolable rules -- technology founded on standards and science -- and law, a manmade system interprable by and benefiting (substantially) only those with a career in it. Laws are certainly necessary but they must not artificially or, usually, unintentionally restrict possible uses of technology. Hello CFAA reform.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 1:17pm

    How odd that most here seem to think it's an age thing. Here's you some news, I'm retired and I understand exactly what is being pointed at here in this article.

    What the real problem is, isn't age. It's vested interests paying off for what they want, and illiterate computer users. Here's another news flash, illiterate computer users come in all ages; not restricted to just the elderly.

    You know where else this is going to really bite at? The government wants hackers for their cyberwar in both defense and offense. Finding those people with sufficient skills isn't going to be easy when the system sets up a huge barrier talent has to climb just to learn, much less be effective. This same set of skills will be encouraged in other countries seeking to obtain the same. So at what point will the balance tip in favor of the opposition?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    That Anonymous Coward (profile), Jan 23rd, 2013 @ 1:21pm

    Part of the problem seems to be the government wanting to pursue easy wins. I watched part of the Frontline coverage of the banking meltdown and listened to this mealy mouthed DoJ lacky saying the cases were difficult because they had to prove there was real wrongdoing.

    If you add "on the internet" it is a trigger for a portion of the population that it has to be bad. Computers are a kind of black magic that some people refuse to understand. They rely on the lawyers to tell them why this is bad and wrong, and have faith that the system is fair and balanced.

    It is becoming clear that the system is being used to protect monied interests who do stupid things. AT&T makes all of these things available, but because someone discovered this he is the bad person. It doesn't matter that someone else could have been doing the same thing and used the information for bad, it matters that he found it and made it public. It is a crime to point out how little corporations care, and that we can't expect them to do their duty to protect consumers.

    In the story pointing out the emperor is naked was a good thing, it made people stop accepting what they knew wasn't true and get change. Now it gets you dragged into court and threatened with long prison time, while the emperors are never held to the same standards. The rules are supposed to apply to everyone, not just those you can pressure into accepting your terms so you can record another win towards getting a bonus avoiding the hard or difficult cases that might throw off your stats.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    hester (profile), Jan 23rd, 2013 @ 1:31pm

    Old folks and technology

    I'm guilty of both being old and not understanding technology. On the other hand I have been reading tirelessly about Aaron Swartz and what happened to him.

    Some of us oldsters are pretty liberal and understand and approve of openness and availability for people to become informed. I think many people who are against this openness really do not understand, but would be sympathetic if things were explained to them in way they (we ) could understand.

    And btw, many of us protested the War in Vietnam, so we're not all idiots or frightened. Just ignorant of newer technologies.

    peace.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jan 23rd, 2013 @ 2:32pm

      Re: Old folks and technology

      Age and ignorance are not correlated. I know young people who are completely clueless about computers, and I know people in their 70s who are experts.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 1:38pm

    Why does this seem just like the US government going after whistleblowers and ignoring their own violent crimes... we really need to get industry to stop going to the government parties.

    P.S. My optimized C will run infinite loops around your sloppy Perl, yah whippersnapper.

    P.S.S. Obtusity to fact in favor of false but popular paradigms is only a product of age for some. Usually the fight for false is driven by criminal/nefarious intentions.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Richard (profile), Jan 23rd, 2013 @ 1:45pm

    Feynman

    Read Feynman's autobiography.

    Look at the bits about safecracking (pp77-83) and the holes in the physical security fence (pp65-66).

    "Colonel," I said, in a serious
    tone, "let me tell you something about these locks: When the door to the safe or the top
    drawer of the filing cabinet is left open, it's very easy for someone to get the combination.
    That's what I did while you were reading my report, just to demonstrate the danger. You
    should insist that everybody keep their filing cabinet drawers locked while they're
    working, because when they're open, they're very, very vulnerable."....

    The next time I went to Oak Ridge, all the secretaries and people who knew who I
    was were telling me, "Don't come through here! Don't come through here!"
    The colonel had sent a note around to everyone in the plant which said, "During
    his last visit, was Mr. Feynman at any time in your office, near your office, or walking
    through your office?" Some people answered yes; others said no. The ones who said yes
    got another note: "Please change the combination of your safe."
    That was his solution: I was the danger.


    Unfortunately this is nothing to do with computers. It is an old fashioned (analogue if you like - but actually that is a horrible misuse of the word) problem re-incarnated in digital guise.

    The so called "old people who don't understand" won't die off - they will be replaced by a new generation of people who don't understand.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    mmrtnt (profile), Jan 23rd, 2013 @ 1:50pm

    Apparently

    If Swartz had been an investmen banker the DOJ would have been easier on him.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 1:52pm

    So if you remove the "computer" part of the equation you end up with something like this:

    Aaron Swartz walked up to buy something from a cashier. They had a penny tray that said, "Take what you want." After taking a handful of pennies he was charged with theft.

    Andrew Auernheimer was talking with an AT&T rep. The rep would give out all their customer information if you said the customers' number. After trying several numbers he ends up with information from multiple customers. I guess AT&T's honesty system wasn't very robust.

    Meanwhile, up in Canada, Ahmed Al-Khabaz found that the door to the student records was unlocked. He let them know about the security problem and initially they were happy. A few days later he checked to see if the door was unlocked and open still only to find out that it's illegal to look inside open doors.

    The moral of the story is that free isn't, open doors are secure by default and AT&T sucks.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mr. Applegate, Jan 23rd, 2013 @ 2:04pm

    Times have changed!

    If I did now what I did way back in the day (like 30+ years ago), I would most certainly be in prison, probably for life.

    Yes, I was a hacker.

    I never did any real harm, and like the above mentioned, I was just thirsty for information, I wanted to see if things were secure, or was well it's there may as well have a look.

    I never 'stole' information for personal gain, or tried to blackmail anyone. I had complete control over the school systems computer for years. I was just a kid learning about computers.

    Now, I am a consultant, and make a very good living because what I did as a kid prepared me for what I do today.

    While I know there are technically illiterate people out there, I think the real problem is the insane laws. For instance if I want to watch a DVD on my linux box I have to violate DRM to do it, that is stupid. I bought the DVD, It is my computer in my home connected to my TV, but I have to violate DRM to watch it.

    So the real problem is the laws. In many cases they are outdated and in many others they were written only with huge corporate interests in mind. That is where I think the true problem lies.

    You can teach a judge or jury about technology, but you can't get most of them to ignore the law.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    James Burkhardt (profile), Jan 23rd, 2013 @ 2:17pm

    I think I have a great analog analogy for those who still might not understand. I will look at these cases using a famous halloween staple, the unattended bowl of candy with a sign that says 'take some'.

    In Aaron Swartz's case, the bowl was JSTOR's, and the candy were articles. He took half the bowl. It wasn't criminal. It is a serious Faux-pas, but there was nothing to stop him. But the best part of his 'crime' is when you translate that bowl of candy to the digital realm. No matter how many times Aaron grabs a snickers bar, there is still another snickers bar. The big concern was that he might sell those snickers bars to people instead of them coming by the house the bowl is at. (its not quite perfect, analog to digital never is).

    In Andrew Auernheimer's case, The Bowl was AT&T's, and the candy was customer data. He took a little candy. But then he told every kid in town What that candy was and that an unattended bowl of other candy was there. Again, not illegal, just a major Faux-Pas. And he needed to show everyone what candy there was so they knew they could get the candy, or in digital terms, he needed to scrape that data to prove that you could. THere is a new 'security leak' rumor every week. Proof is needed for me to take the latest rumor seriously.

    In the third case I can't establish a good framework. But the fact remains that the behavior might be a Faux-Pas, but mearly accessing the data can't be a crime. If it is then security research goes out the window. the third case is a clear case of how you do 'White Hat' security research. You point out a vulnarability. Then you go back and see if it has been fixed, because if it hasn't you need to report it to a wider audience and shame them into fixing the vulnarability.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 23rd, 2013 @ 4:37pm

      Re:

      The third case is the student finding a bowl of candy laying out, informing the owner of the candy that he shouldn't leave it laying out if he doesn't want the candy stolen, and then going back later to see if the owner of the candy has put the candy away.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Nick Taylor, Jan 23rd, 2013 @ 2:44pm

    "The government has no problem with this up until you transform the output into something offensive to important people"

    Being the key phrase. We as humanity, need to excise this situation.

    I think we need to create a register... like a sex-offender's register, but for "important people", who are enemies of the internet, open computing, freedom of information etc etc.

    Something that is specifically created with a view to seeing that said individuals lose their jobs, and/or never get elected again.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    BLARM, Jan 23rd, 2013 @ 4:08pm

    Ron White Said It:

    "You can't fix stupid."

    Me? Just passin' through.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Eponymous Coward, Jan 23rd, 2013 @ 5:07pm

    In this recontextualization...

    It is the criminalization of saying "Look, the emperor has no code!" (Or at least sloppy, unsecure code)

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    btr1701 (profile), Jan 23rd, 2013 @ 7:52pm

    Idiotic

    I said this in another thread and it bears repeating here:

    This whole 'punish the people who show us security flaws' trend is ludicrous.

    It's equivalent to the Secret Service leaving the gates to the White House wide open, then arresting anyone who noticed it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 8:37pm

    "Swartz downloaded a lot more than the system intended, even though the network was open and the terms allowed for unlimited downloads."

    Do you have a citation that accurately describes in detail what is quoted above?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 8:42pm

    Nevermind...

    A couple of generations growing up in Apple-like walled gardens and people will have grown out of natural curiosity - it isn't an approved app.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 23rd, 2013 @ 10:21pm

    ageist

    Your notion that there are problems is good. However, your analysis on its cause (old people are dumb) is not good. There are plenty of people "of age" that understand this technology. They invented it, for crying out loud! That lawmakers tend to not be part of this crowd is the problem. Not age in and of itself.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jock McTavish, Jan 23rd, 2013 @ 10:56pm

    Hacking

    From the outside, America is looking like a medieval state, hacking is the new witchcraft, and the feds the new witch finders general.
    We (the Scots) invented the prosecution of witches and are seriously considering a copyright violation claim.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 24th, 2013 @ 5:30am

    It's not just technology that is misunderstood, it is everything that does not add to their position and said lack of understanding is at times intentional, feigned or an obvious lie.

    In addition, this is not isolated to one particular country as it is human nature.

    Checks and balances are there for a reason and this why they are under constant attack which is quite inefficient at times but the alternative is unacceptable.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Jan 24th, 2013 @ 8:55am

    It gets a severe level of mental handicap to hear a guy reporting to you that you have security holes in your system and interpret as if he's trying to do something bad to you. Regardless of understanding the system in place or not. It is quite clear for me that a criminal will not reveal the security gap if he's profiting or benefiting from it.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    shane (profile), Jan 24th, 2013 @ 8:58am

    Asleep at the Wheel

    I've been doing a horrible job at this, but one of my primary interests in IP law is the concept that IP law, from its inception, is more about retarding technology than promoting it.

    Its original purpose appears to have been to draw talent from other regions, often times other nations, and set that person up with a monopoly in order to create "brain drain" as we now know it from the region the person came from originally.

    This concept of a "war on technology" is right down my alley, and I am sorry but I haven't got a lot of information gathered yet. Indeed, my current reading projects all have little or nothing to do with it... But I still would be interested to see if anyone else is aware of this idea that IP is actually more about centralized control, and what if any documentation there is to support the idea.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 24th, 2013 @ 12:08pm

    Steve Jobs and Vint Cerf

    Blaming age for computer illiteracy is lazy. It also prevents us all from trying to determine how to teach our leaders and other elders about technology and what the digital revolution really means.

    How much would you have missed out on if you dismissed these people (and many others) because of their age?

    Steve Jobs was 56 when he died, having not slowed down mentally at all.
    Tim Berners-Lee is 57. So is Ray Ozzie.
    Vint Cerf is 69.
    Bob Kahn is in his 70s.
    Grace Hopper created one of the world's first compilers in her 40s, set the standards for COBOL and computerized the US Navy in her 50s, and was working until age 85.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 24th, 2013 @ 12:09pm

    Steve Jobs and Vint Cerf

    Blaming age for computer illiteracy is lazy. It also prevents us all from trying to determine how to teach our leaders and other elders about technology and what the digital revolution really means.

    How much would you have missed out on if you dismissed these people (and many others) because of their age?

    Steve Jobs was 56 when he died, having not slowed down mentally at all.
    Tim Berners-Lee is 57. So is Ray Ozzie.
    Vint Cerf is 69.
    Bob Kahn is in his 70s.
    Grace Hopper created one of the world's first compilers in her 40s, set the standards for COBOL and computerized the US Navy in her 50s, and was working until age 85.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      shane (profile), Jan 24th, 2013 @ 3:55pm

      Re: Steve Jobs and Vint Cerf

      I appreciate where you're coming from, and really your points are all correct. But I don't think that is actually what Masnick was talking about. I think he is more interested here in the cultural resistance to change, and is offering the generality concerning older folks and their understanding of technology as one fairly good sized brick in that wall of resistance.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    hopponit, Jan 24th, 2013 @ 11:57pm

    “goatse tight”

    All right, I had to look up “goatse tight” on Wikipedia. Thank you my mind is numb. Good one.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Afvallenzonderdiet, Feb 6th, 2013 @ 4:22am

    Afvallen zonder diet

    I imagine Skilled Wound Care found a designer to build it to their spec, but after several discussions, including hosting in a DoD-compliant facility, from a recommendation of a former colleague, that also provided physical security, the price for HIPPA-certifable compliance, and security, was higher than expected, but being awarded a contract from a state or federal agency, which should be compliant, is important as well.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    suikers joy, Feb 13th, 2013 @ 7:23am

    This is a nice blog and it is interesting one, Thanks for sharing it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Evelien, Aug 28th, 2013 @ 7:14am

    Afvallen met het Vastendieet

    They invented it, for crying out loud! That lawmakers tend to not be part of this crowd is the problem. Not age in and of itself.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This