Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access

from the this-is-not-good dept

If you accidentally leave your Google Drive accessible to anyone with the URL, and someone goes there and deletes stuff, is that “unauthorized access” and a violation of the CFAA? To me, the answer should be absolutely not. But in this recent ruling the judge went the other direction (first noted by Evan Brown).

So, let’s start this one off by noting that the defendant in this case seems to be a generally terrible person, who runs a Facebook group focused on spreading ridiculous nonsense regarding her local school district. As described in the lawsuit the group is:

“dedicated to propagating anti-mask policies, anti-vaccine policies, anti-LGBTQ policies, and anti-Critical Race Theory policies within the Scottsdale Unified School District.”

Yeah. So, you get an idea of what we’re dealing with here. The father of a member of that school board, who seemed (perhaps reasonably) concerned about the activity in this group, started collecting information on what was going on in the group and storing it on a Google Drive account. Apparently without realizing it, he set the folder to be accessible to anyone with the URL.

At some point, things got messy, with the son of the school board member being accused of defamation. Here is the description of what happened next from the court opinion:

In 2021, Plaintiff’s son was accused of defamation. He responded to his accuser by emailing “13 photographs of public Facebook comments, made by his accuser, some of which were stored on the server.” One of the photographs displayed the URL to the Google Drive, and that photograph made its way into Amanda’s possession, where she noticed the URL and asked a third party to make a hyperlink for the URL. Once provided, she clicked on it to access the Google Drive. She reviewed, downloaded, deleted, added, reorganized, renamed, and publicly disclosed contents of the Google Drive.

So, obviously, that’s not great. But, it seems clear that the fault was with the owner of the Google Drive folder, Mark Greenburg, who failed to properly secure it. Even if it feels icky that the defendant here, Amanda Wray, messed with the folder, none of that would have happened if Greenburg had properly secured the account (which is the default setting — so he had to proactively choose to share the folder differently).

Wray seems like a terrible human being in oh so many ways, but it seems ridiculous to argue that she violated the CFAA. The court, however, goes the other way:

This is a close call. Plaintiff acknowledges that the portion of the Google Drive accessed by Amanda was not password protected; Plaintiff had inadvertently enabled the setting that allowed anyone with the URL to access the site. But, Plaintiff alleges that this setting did not per se render the Google Drive public, given that the URL was a string of 68 characters. What’s more, the Google Drive was not indexed by any search engines, unlike the website in hiQ. Therefore, it wasn’t just “anyone with a browser” who could stumble upon the Google Drive on a web search—the internet denizen wishing to access the Google Drive needed to obtain the exact URL into the browser. By the Court’s eye, Plaintiff alleges that the Google Drive had limitations and thus persons attempting to access it needed authorization.

In short, the plaintiff’s argument is that security by obscurity should be legally protected. The fact that it was not indexed by search engines doesn’t seem like it should matter at all. The fact is that Greenburg (accidentally, but that shouldn’t matter) made the folder available to anyone with the URL, and his son (accidentally, but that also shouldn’t matter) revealed the URL. At that point, it’s public. It’s on Greenburg to secure the folder.

Wray’s response, to go into the folder and mess around with it, isn’t great, but that should not be seen as “unauthorized access” under the CFAA.

I worry about rulings like this, because they could cause real damage, especially for security researchers and others who quite often find public folders that are not secured properly. If the settings are set so that the folders are public, it is deeply problematic to argue that the access is unauthorized. The settings themselves that open up the folder literally say that everyone with the URL is authorized to view it, even if they have to type in a long URL by hand. That’s what happened here, and to argue that the access is unauthorized, once again, raises serious problems with the way the CFAA is interpreted.


Comments on “Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access”

81 Comments
Anonymous Coward says:

Re:

That’s not a great example. Taking something left at a curb would certainly be theft if whoever left it didn’t mean to abandon it. I often see small libraries, kids’ bicycles, and benches (for example) in that area. It may sometimes be hard to establish criminal intent, but a civil ruling of “give the stuff back” should not be surprising.

Anonymous Coward says:

Re:

A better analogy:

I accidentally published the combination to my front door in a picture I posted publicly.
Someone used the combination to enter my home, destroy things and write graffiti all over the walls.

The google drive URL itself is like a password, or combination. Just because you have a password does not mean you were given permission to use it and then modify/delete whatever you could access with that password.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re:

Except in this case, the act of publishing it (making the Google Drive folder open) specifically SAYS it authorizes people to come in.

That remains true even if you cede the argument that the URL “is like a password”, which it definitively is NOT.

Anonymous Coward says:

Re: Re: Re:

No. You’d have an argument if the owner gave specific access to the defendant with editing privileges. Accidentally leaving a door open doesn’t express intent. It’s just careless, not intentional. You’d also have to argue the plaintiff intentionally sent the address to the defendant with the intent that they have access. That’s clearly not the case.

Bruce C. says:

Re: Re: Re: The deciding factor ...

The tampering raises a troubling aspect. If you have an open house allowing people to tour your home or for purposes of selling it, sure you should expect that any rando can come in and look around.

But there isn’t any expectation that you’re giving permission to people to come in and take things, or smash them up with a blunt weapon.

Similarly, deleting or modifying files is a separate access level and permission from just reading them.

Quokko says:

Re: Re: Re: Many levels of deliberate deceit

Plaintiff Greenburg did literally nothing but inadvertently set his drive settings to something unintentional. His son didn’t advertise the security error. The defendant’s cohorts SCOURED for it (for the purposes of exploitation), and found it (in pixel form) rather obscurely contained within just ONE of 13 attached screenshots. The defendant then chose to deliberately exploit an obvious security weakness that she KNEW was off-limits to her.

This comment has been deemed insightful by the community.
Bergman (profile) says:

Re: Re:

A better analogy still would be putting a dry erase board in an out of the way, seldom-traveled, but still public corridor. Nobody knows it’s there so anything you write on it goes untouched.

Then one day, you tell someone you trust about where it is, and they publish that information to the world. Shortly thereafter, someone walks down that public corridor, erases something you wrote, and writes their own thing.

Yeah, they didn’t have your direct permission, but you were the one who chose to put it in a public corridor instead of in your private office behind a door that only you have a key to.

Naughty Autie says:

Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access

Is it actually dangerous, though? Reading the article tells me that Wray didn’t simply go onto the plaintiff’s Google Drive, she added and deleted stuff, which is technically hacking since she did it without the permission of the plaintiff. This is why the judge said it was a close call: the access was technically authorised, but the addition and deletion of data wasn’t. I will agree that the plaintiff’s argument of ‘not indexed by search engines’ is bullshit, though. There’s a few sites that don’t pop up in search results on Google, but that doesn’t prevent me accessing them and viewing their pages.

TheDumberHalf says:

Re: I believe google drives are indexed by search engines.

You have to know which engines or the markup to use in the search. There’s a massive open-directories community that shares information this way. Because the RIAA doesn’t know about these engines or markup, the community has thrived, untouched for decades now.

Anonymous Coward says:

Re: Re: Re:2

Even if someone’s willing to give up their right to privacy in exchange for respect of their right to freedom of speech, that doesn’t solve the issue of Google showing results based on what its algorithms thought you meant, which is sometimes far removed from the carefully constructed search term you actually entered. This is why Bing’s my go-to when it comes to looking stuff up online.

Anonymous Coward says:

Re: Re:

Except he clearly didn’t do that intentionally. You’re interpreting consent where he didn’t provide it. You don’t get to keep a wallet you found on the street that someone accidentally dropped. You don’t get to walk into someone’s house just because the front door is unlocked. He didn’t publish the address to the folder as a hyperlink nor did he post it to the world. He accidentally sent it in an image to a single person.

Naughty Autie says:

Re: Re:

Public Google Docs are public, and the owner had to specifically authorize public access, though.

Except he didn’t, though. As I pointed out above, Alphabet’s permissions are opt-out in places without sufficiently strong privacy laws, including the US, so Google Drives are public by default and you have to actually set them to private just like with Facebook settings not so many years ago.

Anonymous Coward says:

Re:

I think it is dangerous; the CFAA is the wrong route, and a law designed for abuse.

There are plenty of torts for which one could make a case. The federal “War Games” law is a stupid and unnecessarily escalated avenue to take. And the ruling, if it stands, just opens the door to more egregious stupid.

nasch (profile) says:

Re:

the access was technically authorised, but the addition and deletion of data wasn’t.

I don’t think that works. Either the granting of permissions is recognized as having taken place, or it isn’t. I think it should be, but it doesn’t make sense to split it in half and say he authorized the public to access the folder but not change it.

nasch (profile) says:

Re: Re: Re:

There’s a blog the public are authorized to access, but not change that refutes your hypothesis by its very existence.

That’s because read only and edit access are separate for that blog. That was not the case for the Google document (folder? not sure) in question. Full access was granted to both view and edit by a single action. Either that action authorized anyone with the link to view and edit the information, or it didn’t. There is no coherent argument for how it could have authorized viewing but not editing.

Anonymous Coward says:

I’m okay with this one because there appears to actually be malicious intent in the access. The defendant likely knew the owner of the folder didn’t want them to do that. And it wasn’t the access itself, but the deletion of content that seems most offensive.

I would say this is like noticing your neighbor accidentally dropped something from their pocket while going to their car and you walk over after they leave and throw it away while knowing your access was unintended by the owner and that they wouldn’t want you to throw the property away.

This comment has been flagged by the community.

terop (profile) says:

If I leave my front door open, you’re still not allowed to come in and take my television. Anyone who gets caught carrying away the tv from my home will still be prosecuted for burglary. Same with the car door, even if the door is open, taking my car radio is still illegal.

Same rule applies to google drive. While it’s common for people to keep their drive door open, it’s simply not acceptable to delete files from it or take the contents and publish it on unrelated sites.

Security research can claim “good faith” on their security research. While black hat security people have more trouble with getting good faith proven, ordinary white hat security folks should have no problems.

Good faith is clearly not present when after some arguments with the owner, someone goes deleting data from people’s google drive storage as it was in the case referred above.

Naughty Autie says:

Re: Re:

The deletion and downloading of the files should perhaps be treated as vandalism and/or theft.

Such charges being appropriate only in the case of destruction of physical property. Since this case deals specifically with digital property, the appropriate charge is hacking. Hacking falls under the CFAA which, due to the differences between physical property and digital property, is in no way a “‘special’ on a computer law.”

Bergman (profile) says:

Re: Re: Re:

It IS a special on a computer law, because if the defendant had done it literally anywhere but on a computer, the maximum sentence would be a year in jail, but would more likely be punished with a fine or community service.

But because it was on a computer, the penalty is 10-20 years in prison without possibility of parole.

tom (profile) says:

Re: Re: Re:

We shouldn’t need a special ‘on a computer’ law to charge vandalism. The public Google drive location wasn’t much different than a public park. What was allegedly done was closer to vandalism than hacking. Much like someone going to a public park and chopping down several trees. The person chopping trees was authorized to be in the park but not authorized to chop down trees. The person deleting files was authorized to be in the google drive but not authorized to delete files.

Charge for the crime committed, vandalism of property, not for just being in the public drive.

Anonymous Coward says:

Re: Re: Re:2

It wasn’t a public park. It was private property that the defendant inadvertently had access to, like a neighbor’s front door being unlocked. The defendant chose to walk through the door. The link to the folder wasn’t published publicly either. It was accidentally sent in an image and not as a hyperlink. The defendant would have to argue the plaintiff sent the address with the intent of giving the defendant access and editing privileges, which clearly isn’t the case here.

She cray-Wray says:

Re: Re: Re…

What we need, is a clarification in law that specifically states that our virtual spaces are indeed extensions of our homes and property.

The defendant here has an established and lengthy history of jumping on and immediately exploiting anything and everything she can find that casts her (many) foes in a negative light. In this case, she spent close to three months keeping her illegal access a secret from the plaintiff, while she crafted a horrible defamatory narrative about the plaintiff’s intent for collecting the data. The discovery will show just how nefarious her intent was, and this MTD situation does not even come close to accurately portraying just how ugly and dark her heart is.

This comment has been flagged by the community.

Ashley S. says:

Actually, there is no truth to Greenburg’s allegation that the group is “dedicated to propagating anti-mask policies, anti-vaccine policies, anti-LGBTQ policies, and anti-Critical Race Theory policies within the Scottsdale Unified School District.”

This is merely his political attempt to vilify the Defendant. There is also no proof that the Defendant deleted or reorganized files. In fact, View access to a Google drive does not allow editing capabilities. If Greenburg’s files were deleted or reorganized it was likely by the other users that he granted Edit access. Greenburg has not proved that these changes were made by the Defendant.

Also Greenburg is an all-around terrible person and has been for many years.

https://www.azcentral.com/story/news/local/scottsdale-education/2018/08/22/scottsdale-school-board-candidate-jann-michael-greenberg-father-parody-account-mocking-perleberg/1068319002/

http://copyrightblog.kluweriplaw.com/2020/04/06/copyright-case-tresona-multimedia-llc-v-burbank-high-school-vocal-music-association-usa/

https://www.12news.com/article/news/education/parents-to-sue-scottsdale-school-district-board-member-over-secret-dossier/75-020f6741-1b62-4287-8aff-fade0b86696b

This comment has been deemed insightful by the community.
Toom1275 (profile) says:

Re: Re:

And they’re absolutely deliberately lying that the group doesn’t engage in harmful anti-mask anti-education acts:

https://www.newyorker.com/news/letter-from-the-southwest/how-an-arizona-school-board-controversy-became-the-perfect-political-issue

That article also mentions some of the deranged defamations made of Greenberg.

A.G. says:

Interesting...

I think that everyone can agree that the plaintiff did not intend to share the Google drive publicly and while it must be painfully embarrassing to be exposed for the troll that one is, the plaintiff’s own sloppiness and ego is what got him in this mess. The plaintiff had to manually change the drive default settings from “restricted access” to “anyone with the link can view.” Whether he did that and forgot, or got really proud of his trove of data he was collecting (including photographs of the defendant’s children) and kept it wide open – he screwed up and is now in the business of trying to save face over a very sophomoric choice.

There is no point in comparing this situation to finding a key and entering someone’s house because it is not the same. 1. This is the internet, not a diary under your bed. 2. The plaintiff is miffed that someone had the wits to type in the 60 something url and have success.

I do feel bad that the author of this article and his platform have been tricked into publishing this without completing research first. The Greenburgs have a VERY litigious history, personally and in business. Do you have kids, Mike? How would you feel finding out a grown man was storing photos of your property and family on a drive? And it wasn’t because he thought you were cute.

Man gets angry that there are people in opposition of his views. Man starts keeping files on people he doesn’t like. Man gets caught being a creeper. Man now wants to sue the people he targeted because they found out he was targeting them.

The only way that Greenburg could even file this case was to claim that the files were tampered/deleted/whatever his allegation is. Where is that proof? Google says “ANYONE with the link can VIEW.” It does not say “Anyone with the link can EDIT.” Greenburg just wants a head on a platter and a payout to replace his own negligence.

Naughty Autie says:

Re:

Interesting indeed, Ms. Wray.

How would you feel finding out a grown man was storing photos of your property and family on a drive? […] Man gets caught being a creeper.

Those sentences I quoted above? That’s how I knew who you are, and it’s also the reason ‘Man’ could have grounds to sue you for libel on top of the ongoing lawsuit for you destroying his data.

migi (profile) says:

I am not a lawyer, but I think there are reasons to think that this is not some sort of legal disaster.

Firstly it’s a civil case not a criminal case, so to succeed the plaintiff does not need to reach beyond reasonable doubt, only preponderance of the evidence.

Secondly this is a ruling on a motion to dismiss and as the court notes “When analyzing the sufficiency of a complaint, the well-pled factual allegations are taken as true and construed in the light most favorable to the plaintiff.”
So when the plaintiff claims that a google drive URL is the equivalent of a password and the judge thinks it’s a close call, that seems likely not to pass muster later on when the judge doesn’t need to view things in the light most favourable to the plaintiff, and can fully account for the defendant’s arguments (If I was the defence lawyer I’d be thanking the judge for signalling an angle that he is receptive to counterarguments).

Thirdly the plaintiff alleged $5000 worth of damages, which he incurred by hiring a “forensic IT team”. If the defendant had accessed the drive but not done any vandalism, I don’t see how the defendant would have ever incurred those costs because there would never have been a reason to hire them.

I’m not sure the court got it right, but I think that this story is untimely because it’s about an interim decision not the final decision. If the court (or jury) rules this way in the final decision that would be a much bigger problem.

Anonymous Coward says:

One of the photographs displayed the URL to the Google Drive, and that photograph made its way into Amanda’s possession, where she noticed the URL and asked a third party to make a hyperlink for the URL.

The defendant’s a member of a school district and she can’t even create a hyperlink out of a URL through the analog hole? 😶

Schnookums says:

Re:

The bad actors here were able to sucker someone else into taking the legal risks involved in accessing the drive. Very clever manipulation happened. Once inside, they found more than they’d imagined in terms of ammunition with which to mischaracterize the plaintiff’s drive contents. It contained information regarding lots of people, and most of them did not want to be associated with the hacking. But after 90-days of clandestine access and activities, defendant could no longer resist the urge not to publicly exploit what she’d found.

Plaintiff has also filed a “fraternal twin” defamation suit in state court regarding the same matter.

The Turning Point USA PAC appears to be funding their defense, as they seek to seize this as evidence of a “corrupt left” element in society.

Lostinlodos (profile) says:

“and deletes stuff, is that “unauthorized access” and a violation of the CFAA?”

I think the key here is vandalism. The deleting. Along with:

…“deleted, added, reorganized, renamed…

Is this not abuse? Abuse outside of security research?
Not “hacking” or “cracking”, but most definitely abuse.

This is very different than simply visiting an open directory and accessing/reading, public facing resources. This is intentionally causing mischief, vandalism.

I get your concern for security researchers, but this is far more than finding and reporting issues.

Lostinlodos (profile) says:

Re: Re:

It’s not, and at least from the CIS industry, never was. The hacking is the act of unauthorised access. Here, assuming everything reported is true, there is no unauthorised entry.
An open access google drive is by its nature open access.

Walking into an open house, as above, is not hacking. Coming back 12 hours later when it’s locked and entering anyway, is.
You need to hack, as in break open a window or door, or crack, as in pick the lock or decipher security, to gain unauthorised access.

Lostinlodos (profile) says:

Re: Re: Re:2

Could be. There’s a reason each version of the hackers’ dictionary covers more than one definition for many terms.
Regional variation.

I use the terms I grew up with, same era as your rents.

The point here is stepping into an open door in a community where an open door is an invitation to enter… is not illegal.
Fucking up the stuff inside is.

Lostinlodos (profile) says:

Re: Re: Re:4

True. But that’s not the premise.

If you lived in Open Door Town where there was an open door policy, eg google drive, you have an open door policy. In open door town you close your door when you want privacy just like google drive.

Like I said initially, drive owner may be able to get some level of trespass to stick on the access level. But if you fail to close your door in an open door community it’s on the owner.

Lostinlodos (profile) says:

Re: Re: More accurately

If you leave your car running at the gas station and go inside.
If you leave the car open and I climb inside and look, you’ve granted public access.
You may get criminal trespass to stick. But nothing more.

If I climb in and drive off, that’s theft.
Same as if I take your radio. Or a book sitting on the seat.

If I change your stations, move the seat, turn on the heater; that’s abuse. (of private property).

Now assuming you locked the door to the running car, if I pick the lock or send a fake RFID/BT command to open the door, cracking.

And if I gouge out the steering hub or require the transmission lock to drive away without a key/fob on an auto start or auto run, that’s hacking.

See the idea?

Naughty Autie says:

Re: Re: Re: You just proved my point.

Now assuming you locked the door to the running car, if I pick the lock or send a fake RFID/BT command to open the door, cracking.

And if I gouge out the steering hub or otherwise make structural changes so I can drive away without a key/fob on an auto start or auto run, that’s hacking.

See the idea?

Amandassoiledandtwistedpanties says:

Rationalization is not your friend

There’s actually a way to specify in the Google Drive settings that the drive is being made accessible to the public. “Anyone with the link” is not it. You actually have three levels of permissions. To share it with everyone requires specifically choosing to make it open to all. The other two options require one’s actually being invited.

“Anyone with the link” is just a way to quickly give access permission to people you wish to GRANT it to. Noticing the URL in a photograph and manually hacking your way in (when you know damn well you’re not invited) is no different than copying a key to your neighbor’s home while they’re not looking. Entering and copying files (when you’ve not been invited) is theft.

Get a criminal lawyer, Amanda.

Sniffinghertwistedsoiledpanties says:

“Permission” thoughts

Permission is a concept that needs more consideration. In this situation, there are two basic kinds. And you are required to have BOTH kinds in order for the access to be legit.

“Technological permission” is what one requires to physically gain access. For example: A key. A key code. A login and password. Or in this case, a direct link to the drive.

“Given permission” is the permission that the owner of the real or virtual property must also give. The invitation.

Amanda’s partner in this crime saw the URL in the photograph and secretly attempted to access the drive (and succeeded). They gained access with technological permission, but without GIVEN permission. One need only examine their post-access behaviors to show their respective levels of “presence of mind” in their crime. They spent ~90 days preparing a strategic media blitzkrieg that the Greenburgs could not hope to immediately defend against.

This was a planned attack.
