A note about the "attribution problem" -- Attribution doesn't work like that for the U.S. We don't rely on the forensics like a security company (or even the FBI, perhaps) does -- we get most of our evidence from extensive NSA penetration of foreign networks and the Internet itself, including at times watching them unfold in near real-time.
The biggest development here, it seems to me, is that this operation completely does away with any notion of a criminal predicate. Previous efforts have mostly been about "connecting dots," i.e. searching those communicate with suspected terrorists, or at least those communicating with people from what the US deems TerrorLand.
But this, this is a search of everyone, right from the start, no suspicion or even mere connection to some suspect. It's the equivalent of searching everyone's house for evidence they committed some crime. It's an actual general warrant.
If the government wants companies to be held accountable for their security lapses, then make them financially liable to their customers for breaches.
Stupidly, our "cyber protection" law that got rolled into the omnibus budget bill last year provides for some civil immunity if companies share data about breaches with DHS, which will only make security even less important to companies.
In previous public remarks that I've made in the UK, I’ve focused on the three main motivations for systematic cyber attack... Another is propaganda: where the global platform that the Internet gives anyone and everyone is misused to make a point, attract attention or to instil fear and intimidate.
Yeah, when the government gets to decide which points are a "misuse"...
I understand the legal point you're making in this piece, but I'm also concerned about the justice aspect. As a starting point, when one does something that rains chaos in the life of someone else, we might start with whether humiliation (akin to the malice component in First Amendment jurisprudence) was the point or intention, as opposed to conveying info the public has a right to know but might be personally destructive to the person it's about. Otherwise, "privacy and dignity" do seem to evaporate.
But the bank (and Wendy's) analogy aren't really apt as they represent a physical intrusion. A website is much more an interface than it is (analogous to) physical property.
A better analogy and question is, can one "trespass" an ATM? I don't mean physically breaking into it, or even hacking it. I'm talking about using an ATM (one not on the bank's property, let's say for purposes of argument) as it's intended to be used -- is there any real sense in which you can be said to be trespassing it? Even you had previously robbed an affiliated bank and had been barred from their property, is swiping a debit card in one of the ATMs a trespass?
The Fourth Amendment literally says that the people shall "be secure in their persons, houses, papers...," which, in the context of computer intrusion is even more clear than concepts of expectations of privacy.
The standard of an "expectation of privacy" is also problematic in modern times in that depends of what judges think people should know about the operation of technology.
Quelle surprise. You'd think they would be glad there's a film out there spreading their message, but no. Instead the suit betrays what these films are really about, the same thing business has always been about -- money.