Legal Beagle: Cameron Slater: computer hacker?
96 Responses
First ←Older Page 1 2 3 4 Newer→ Last
-
Sacha, in reply to
links presented on the surface
This of course was the nature of Labour's error, but it would have been good to see a court test the limits, not some faceless police prosecution team.
-
LB wrote:
"For me, this subsection means that Cameron, who was, like the rest of us, authorised to go to Labour’s server to look at Labour’s website, was not committing a crime by looking at the other files that Labour had left open to view on their server."If a person follows links and sees a webpage they shouldn't then that ought not to be a crime.
But, if they then actively download the file for storage on their own system (i.e. not cached but actively saved) knowing it was not something they should not have access to than that is something different. (It breaks copyright at the very least.)
But, IIRC, they needed an IT specialist to help them so it doesn't look like their access was in any way accidental nor does it look like the files would have been able to be seen by a typical member of the population using the ordinary tools available to browse the web.
-
Stephen Judd, in reply to
Police (non)prosecutors are making decisions that are courts’ to make, not theirs.
Police decide whether to prosecute based on the likelihood of winning all the time.
-
So if I mount an SQL injection attack on a bank, just for hoots and giggles, it isn't criminal, provided I have an account there and don't actually steal any money?
-
Stephen Judd, in reply to
Some have argued that maybe, if you tell them and report the hole, they shouldn't shop you. Not saying I would argue that, mind, but that's the grey area of "security research" for you.
-
Sacha, in reply to
On untested law, they shouldn't be usurping the courts.
-
Russell Brown, in reply to
So if I mount an SQL injection attack on a bank, just for hoots
You're saying Hooton is organising bank jobs now?
-
So the more serious S.240 of the Crimes Act sez:
Every one is guilty of obtaining by deception … who, by any deception and without claim of right,—
(a) obtains ownership or possession of, or control over, any property, or any privilege, service, pecuniary advantage, benefit, or valuable consideration, directly or indirectly…Is private information a “property, privilege or service”?
[ Edited edit: not property R v Dixon, but a benefit, per the same case. ]
And “deception” is defined as:
(a)
a false representation, whether oral, documentary, or by conduct, where the person making the representation intends to deceive any other person and—
(i)
knows that it is false in a material particular; or
(ii)
is reckless as to whether it is false in a material particular; or
(b)
an omission to disclose a material particular, with intent to deceive any person, in circumstances where there is a duty to disclose it; or
(c)
a fraudulent device, trick, or stratagem used with intent to deceive any personWhen does a method used to access data which the “owner” did not intend to be served publicly become a “fraudulent device, trick or stratagem”. And does one “deceive” a person by deceiving their computer?
-
Lyndon Hood, in reply to
If I'm following, the owner didn't intend for it to be served publicly, but they didn't secure it. So you could just ask for files as 'a random computer on the Internet', no pretending required.
-
Stephen Judd, in reply to
Thanks for that link! MOST interesting.
-
BenWilson, in reply to
You’re saying Hooton is organising bank jobs now?
Someone tell him that when the police come they can easily be repelled by yelling "I've got a gun".
-
Sacha, in reply to
Those university fees are real steep.
-
Rich of Observationz, in reply to
There is a theory that because a computer program is a perfect embodiment of its owner’s instructions, most categories of computer misuse cannot be deception, as the computer evaluated those instructions and decided to grant permission.
I don’t think the courts believe this one, unfortunately.
Like you, I can’t remember exactly what’s being alleged in this case, but if it comes down to whether the methods being used by Slater were “deceptive”, then that ought to be a matter of fact for a court to decide.
-
Also, just to make myself a bit clearer, I'd agree with Graeme that Slater is off the hook on the s.252 offence (as Dixon the bouncer would have been if he hadn't tried to sell the video) but that given Slater's for-profit website and "consultancy" activities, there was a benefit gained and hence a potential s.249 offence if dishonesty could be proven?
(Also, s.249 upthread, not s.240)
-
Also, as these people found out if someone, like a bank, makes an error and you exploit it to steal, then it's still theft.
-
BenWilson, in reply to
There is a theory that because a computer program is a perfect embodiment of its owner’s instructions, most categories of computer misuse cannot be deception, as the computer evaluated those instructions and decided to grant permission.
That's deep. So when HAL tried to kill Dave, he was right, it was actually all down to human error. Also, there's only ever one truly correct document about the program specification - the machine code that is created. Why comment the code? It's either obvious, or wrong.
-
Rob Stowell, in reply to
Why comment the code?
Isn't it a bit like tagging :)
But having heard a programmer mate's diatribe on the subject (he's had to re-work a lot of other people's coding) it's not always obvious why it's wrong. Not that the comments necessarily help - often just make muddy water muddier. -
Michael Homer, in reply to
nor does it look like the files would have been able to be seen by a typical member of the population using the ordinary tools available to browse the web.
You could have ended up there just by using a (quite) old web browser and trying to visit Labour's main website. It's just borderline-criminal incompetence on the part of the people running the sites (and if only the Privacy Act had any teeth...).
-
BenWilson, in reply to
Also, as these people found out if someone, like a bank, makes an error and you exploit it to steal, then it’s still theft.
Yup - that kid who deposited a Jaffa packet into an ATM when I was a kid was definitely well aware that it wasn't kosher. I'd tell you how I know, but it's a long story that should not be told on the internet. To me, the main thing I learned was that hacking is not exactly the work of geniuses, the way it's always shown in Hollywood. The only "successful" fraudulent hacker I've ever known was an old mate who couldn't pass Computer Science 100 no matter how much I helped him with the assignments.
He only didn't get busted because the bank didn't press charges. I'm sure the evidence they had would have been pretty damning.
-
Rich Lock, in reply to
So when HAL tried to kill Dave, he was right, it was actually all down to human error.
Well, the book explains that HAL malfunctions because he is unable to resolve a conflict between his general and known-to-the-crew orders that require him to to relay information accurately, and a second set of secret orders requiring that he withhold information from Bowman and Poole regarding the true purpose of the mission (a pre-launch experiment where humans were made to believe that there had been alien contact revealed deep-seated xenophobia, which was unknowingly replicated in HAL's constructed personality. Mission Control did not want the crew of Discovery to have their thinking compromised by the knowledge that alien contact was already real, and withheld the information from the crew).
HAL reasons that with no crew, he would not need to lie to them, so he kills them. So, yeah, human error.
Um, yeah, -
BenWilson, in reply to
Um, yeah
So the book leaves it nicely ambiguous as to whether HAL is actually protecting his own sentience purely out of self interest, or just following programming, and pretending to be afraid as Dave turns his brain off, as a ploy that might work against a mere meat machine (and Dave does the whole thing implacably like a machine would ... nice irony)?
-
Brent Jackson, in reply to
Why comment the code? It’s either obvious, or wrong.
There is an awful lot of code that is not obvious, and also code that appears wrong but isn't. Both of those cases benefit from comments.
-
izogi, in reply to
As long as the comments match the code. I've seen plenty of code where that's not the case. :)
-
SHG,
You know what I think happened?
Someone saw Clare Curran asking for help with “Droopol” on twitter
https://twitter.com/clarecurranmp/status/67917487261495296
and thought “Clare Curran’s doing something on the web and will fuck it up because Clare Curran, so let’s dig around and see what her pet projects are right now, and if Labour is about to launch any new websites or if it has registered any domains recently”.
-
BenWilson, in reply to
Both of those cases benefit from comments.
I hope you realize I was joking. The idea that designers should be treated as infallible and their intentions unimportant struck me as quaint, like old sci fi depictions of AI are. To me, the intention of authors is still something that is important.
I personally probably over-comment my code, just like I do with my other writing.
Post your response…
This topic is closed.