Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Judge: No Privacy Expectations For Data On P2P Networks

Soulskill posted about a year ago | from the enjoy-your-prison-term dept.

Crime 230

An anonymous reader writes "A federal judge in Vermont has denied a motion to suppress evidence filed by three defendants in a child porn case. The three had alleged their Fourth Amendment rights were violated when police used an automated P2P query-response tool to gather information from their computers. That information subsequently led to their arrest and indictments. The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data."

Sorry! There are no comments related to the filter you selected.

well, of course (3)

turkeydance (1266624) | about a year ago | (#45404121)

nothing has ever been private on the internets.

but..... (5, Funny)

BreakBad (2955249) | about a year ago | (#45404251)

my privates have been on the internet.

Re:well, of course (5, Insightful)

Anonymous Coward | about a year ago | (#45404259)

Especially on a P2P network like Gnutella where you can do search by keywords and then directly view what people have on their computers. It's like hanging a poster in your living room of a child being abused and someone walking by seeing it. They made the materials available for the public to see. I hope more people who are into sick stuff like that make the mistake of having the files publically visible. Especially p2p users since given the nature of p2p they can also be slapped with a distribution charge which will add years to their sentence.

Open... (1)

Anonymous Coward | about a year ago | (#45404123)

... and shut case. Nothing to see here, move along.

Re:Open... (5, Insightful)

Impy the Impiuos Imp (442658) | about a year ago | (#45404339)

Yeah, I don't see what the issue is. They were sharing these files, or left them in folders their P2P software would automatically share.

The article shows the police went ot of their way to deliberately not download the files, presumably for 4th Amendment search reasons, though why even that would be a problem I don't know. They were deliberately and knowingly sharing those files.

Re:Open... (2)

camperdave (969942) | about a year ago | (#45404439)

It's a goose/gander precident thing. Now, when Disney puts its movies on a P2P site, they can no longer claim an Oops.

Re:Open... (1)

ShanghaiBill (739463) | about a year ago | (#45404687)

It's a goose/gander precident thing. Now, when Disney puts its movies on a P2P site, they can no longer claim an Oops.

Umm, no ... they would not be able to claim they are inadmissible as evidence in court. But that would not change the copyright.

Re: Open... (1)

Luthair (847766) | about a year ago | (#45405353)

I imagine they were trying to say that as Disney is the copyright holder and was doing the distributing then users are getting the files legitimately. While I agree in principle I don't know that it really follows from the ruling.

Re:Open... (2)

Bob9113 (14996) | about a year ago | (#45404973)

They were deliberately and knowingly sharing those files.

The "knowingly" part is the only question in my mind. From TFP:

had either inadvertently, or otherwise, made the information available for public download on a P2P network

"Inadvertently" is a big word. Does the same apply if there is a crack in your curtains through which the papers in your home can be seen? Or, as others have pointed out, does the same apply when a well-connected corporation inadvertently exposes their data to the public? [slashdot.org]

Re:Open... (1)

hypergreatthing (254983) | about a year ago | (#45405295)

So hey just a question:
Isn't the entire internet a massive P2P network?

"Available for public download" - AT&T and Wee (4, Insightful)

sideslash (1865434) | about a year ago | (#45404167)

So when AT&T made their iPhone subscriber list "available for public download" that implicitly gave people on the internet permission to access this private information? Oh wait, they sentenced Weev to jail time for that [slashdot.org] . I'm so confused.

And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.

Re:"Available for public download" - AT&T and (4, Insightful)

NettiWelho (1147351) | about a year ago | (#45404191)

Silly peasant, aristocracy have their own set of laws and courts.

Re:"Available for public download" - AT&T and (2)

cold fjord (826450) | about a year ago | (#45404865)

They don't in the US, which is where Vermont is. They are likely to have better lawyers though.

Re:"Available for public download" - AT&T and (5, Insightful)

Jah-Wren Ryel (80510) | about a year ago | (#45404247)

And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.

Kiddie porn pirates are not the problem, the problem are all the people involved in the production. If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.

Re:"Available for public download" - AT&T and (4, Funny)

NettiWelho (1147351) | about a year ago | (#45404337)

If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.

I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.

Re:"Available for public download" - AT&T and (5, Insightful)

Jah-Wren Ryel (80510) | about a year ago | (#45404375)

I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.

I think the take-away here is that the MPAA and RIAA are steadfast in their support of kiddie porn producers.

Re:"Available for public download" - AT&T and (1)

dmbasso (1052166) | about a year ago | (#45404685)

I wonder how many of children are spared of abuse because the pervs had their impulses shunned by porn. Imagine if one day we discover that potential serial killers didn't act in the real world because they could express their anger / sadism / whatever in a virtual world, like in first person shooters.

I'm not trying to defend anything, just some food for thought.

Re:"Available for public download" - AT&T and (1)

noh8rz10 (2716597) | about a year ago | (#45405225)

How many kids got abused because pedos had their impulses inflamed by porn? And found a welcoming community of like-minded people to offer support, encouragement and advice? I think you're looking at this wrong.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45405415)

It's not a for-profit industry. Certainly, the Catholic priests weren't there for the money.

Re:"Available for public download" - AT&T and (1)

Anonymous Coward | about a year ago | (#45404271)

That is completely unrelated, that was a leak of information that was agreed to be held private by the contracts you agree to as a subscriber of their services. That guy essentially hacked the AT&T network. Yes it was their derpy techs who left the interface remotely accessible but just because you have the ability to obtain information does not mean you should and does not mean its legal. In this case they implied consent of making their information public by using that network, an AT&T customer did not imply consent of their information being made public.

AT&T iPad leak = Security Vulnerability Exploited
This = Disgusting pervs who are too lazy to use vpns and other means to hide their information

Re:"Available for public download" - AT&T and (4, Interesting)

Hatta (162192) | about a year ago | (#45404347)

In this case they implied consent of making their information public by using that network, an AT&T customer did not imply consent of their information being made public.

AT&T implied consent of that information being made public by not implementing any sort of authentication. From TFA:

"The evidence overwhelmingly demonstrates that the only information accessed was made publicly available by the IP address or the software it was using," Reiss wrote. "Accordingly, either intentionally or inadvertently, through the use of peer-to-peer file sharing software, Defendants exposed to the public the information they now claim was private."

Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.

Re:"Available for public download" - AT&T and (2, Informative)

Anonymous Coward | about a year ago | (#45404443)

IANAL, but there comes a point when every law reduces to some arbitrary judgment call. If I leave a box of donuts open in my closed (but not locked) office, I might expect coworkers not to eat any. On the other hand, leaving the same box of donuts in the break room makes that assumption unreasonable. In both cases, there is absolutely nothing stopping coworkers from getting to the donuts; society has decided that putting the donuts behind a door makes them my property, whereas putting them in the break room makes them everybody's.

Making something available via a Web server with no authentication is a bit like leaving the donuts in my office. Unless you checked, you wouldn't know they were there; I wasn't advertising their whereabouts. And even if you somehow knew they were there, the fact that I'm not advertising means that the social contract prohibits you from going and getting them without asking. The P2P network is a lot more like the break room - maybe you didn't know the social convention, but that doesn't suddenly mean you're entitled to complain about it. Learn from your mistake and move on.

Re:"Available for public download" - AT&T and (2)

Hatta (162192) | about a year ago | (#45404481)

IANAL, but there comes a point when every law reduces to some arbitrary judgment call.

A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently.

This discrepancy only demonstrates to what degree justice is lacking in the US. Justice is blind, but in the US corporations like AT&T get special treatment under the law.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404515)

A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently

That's an opinion. Another opinion is that these are two different kinds of services intended for two different kinds of uses. In the donut example, one might hold the opinion that all company tables are behind some company doors; ergo, there's no difference between donuts in your office and donuts in the break room. That's a valid opinion, but possibly not a widely employed social convention. I suggest that this case is analogous.

Re:"Available for public download" - AT&T and (3, Insightful)

Hatta (162192) | about a year ago | (#45404583)

Another opinion is that these are two different kinds of services intended for two different kinds of uses.

What exactly is the meaninful difference between the two services? Functionally, they are identical.

That's a valid opinion, but possibly not a widely employed social convention.

You know what is a widely employed social convention? That unauthenticated web services are free to use by the public.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404841)

That unauthenticated web services are free to use by the public.

That's something of an oversimplification. Certainly, there are many high-profile unauthenticated web services which are intended to be free for the public to use. However, this doesn't necessarily mean that all are. Similarly, there are plenty of closed doors which are perfectly fine for the general public to open (doors to stores, public buildings, hotel lobbies, etc.), while there are plenty of doors that are not.

The difference is also fairly analogous: it's alright to open a door, or access a server, if the existence is advertised and the intention broadcast. Otherwise, by opening the door or using the service, you're opening yourself up to blame. Note that this doesn't apply to the article since P2P software effectively advertises its existence and the use of P2P software implies consent to access the contents... much like putting a "free donuts inside" poster on my closed office door.

Re:"Available for public download" - AT&T and (2, Informative)

Anonymous Coward | about a year ago | (#45404979)

Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.

Re:"Available for public download" - AT&T and (1)

sugar and acid (88555) | about a year ago | (#45405323)

Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.

Of course their intent was not to incriminate themselves. But their intent was clearly to share this incriminating content publicly with other like minded kiddie-diddlers. Thus they made it public.

Your argument is like saying an illegal drug dealer that sells drugs to an undercover cop can't have the sold drugs used as evidence against him, because his intent wasn't to incriminate himself, but instead to sell the drugs to proper drug users.

Re:"Available for public download" - AT&T and (1)

Hatta (162192) | about a year ago | (#45404981)

Certainly, there are many high-profile unauthenticated web services which are intended to be free for the public to use. However, this doesn't necessarily mean that all are.

The widely employed social convention is that they are.

Similarly, there are plenty of closed doors which are perfectly fine for the general public to open (doors to stores, public buildings, hotel lobbies, etc.), while there are plenty of doors that are not.

Tresspass laws require you post notice.

Note that this doesn't apply to the article since P2P software effectively advertises its existence

How is entering "preteen" into a P2P app any different than entering(e.g.) "http://att.com/db/user=43265" into an URL bar?

the use of P2P software implies consent to access the contents

Using a web server implies consent to access the contents.

Re:"Available for public download" - AT&T and (1)

DutchUncle (826473) | about a year ago | (#45405275)

You have to post trespass notices in places that otherwise appear public; like posting notices on the boundaries of your undeveloped property where the property line would not be obvious (especially in a place where you don't construct a physical fence, like the woods) .

You do NOT have to post a trespass notice on your front door, or garage door, or shed door, whether you lock them or not. OTOH a visibly-marked store does not have to post a "non-trespass" notice on *their* door. The contexts in the physical world are well understood. In places where it is ambiguous - for example, in New York City there are patios and sections of building lobbies that are legally "public space" in trade for other floorspace (or height), or because there are restaurants/stores inside - the "public access" must be posted.

The context online is still not as well defined, certainly not to non-technical people. The use of passwords would be a clear demarcation.

Re:"Available for public download" - AT&T and (4, Insightful)

CanHasDIY (1672858) | about a year ago | (#45405031)

RFTS, dude:

The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data.

"inadvertently made public" == "did not intend to make public."

Intent has fuck-all to do with the ruling; per the judge, what these pervs did and what AT&T did are exactly the same thing.

Re:"Available for public download" - AT&T and (2)

CanHasDIY (1672858) | about a year ago | (#45405005)

Whoever this AC arguing with you is, they should really consider reading the summary before digging any deeper.

Specifically, the last sentence, where the judge states that intent has nothing to do with the ruling (admittedly fucked up, but it does technically legitimize weez's access of the files AT&T made public-facing).

Re:"Available for public download" - AT&T and (1)

_xeno_ (155264) | about a year ago | (#45405325)

Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.

Actually, probably not. There was an access control on the data in the weev case, as I understand it, it was just a brain-dead stupid one: your user agent. Basically, you could only pull the email addresses from the AT&T web server if you were using an iPad.

Which leads me to why I expect the two are legally different: when you put something up on a P2P service, they become searchable and not just accessible. Half of the point behind a P2P service is make it possible to find interesting files, the other is to make it possible to access them.

Due to AT&T's half-assed access control scheme, their files were not searchable by search engines. Which is probably enough to make the two cases legally distinct, but as with all legal speculation as Slashdot, IANAL.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45405411)

>AT&T implied consent of that information being made public by not implementing any sort of authentication.

Oh, yeah, sure, and leaving your front door unlocked is consent to have all of your possessions in your home taken.

Only on /. would a comment like yours be modded to +5, Insightful instead of being laughed out of the room.

Re:"Available for public download" - AT&T and (1)

sideslash (1865434) | about a year ago | (#45404463)

Are you saying that the pervs (I agree with the term if they are really users of C.P., which I don't know) were offering use of their p2p sharing resources for all purposes, including for law enforcement access? Because the way hacking laws are applied, the judge pays attention to the intent of the "maker-available" and not just to the question of whether it was published on the internet.

AT&T made their list available, the pervs made their media available. AT&T didn't want Weev to access (other people's) records. The pervs didn't want law enforcement to access their media.

It's not so different.

Re:"Available for public download" - AT&T and (5, Informative)

Zordak (123132) | about a year ago | (#45404531)

False analogy. This case is not controlled by copyright law. This is a fourth amendment case. Those two bodies of law have almost nothing to do with each other substantively (yes, there may be fourth amendment implications to how police investigate copyrights, but that's separate from the substance of copyright law). The question here is whether the defendants had a reasonable expectation of privacy in the data, not what they subjectively hoped people would do with it. If you grow weed in an open field, with a sign that says, "Cops don't look!" it doesn't matter that you subjectively intended to exclude police from seeing what was in the field. Your expectation of privacy, if you had any, was not reasonable.

Re:"Available for public download" - AT&T and (1)

Zordak (123132) | about a year ago | (#45404595)

(By the way, I'm referring to copyright law in terms of your "make available" argument, not weev.)

Re:"Available for public download" - AT&T and (2)

geekoid (135745) | about a year ago | (#45405111)

WeeV had to lie in order to gain access to the information.,
That's the difference.

Re:"Available for public download" - AT&T and (2)

91degrees (207121) | about a year ago | (#45404295)

It would potentially mean it could be used as evidence against people without a search warrant. It certainly mean it could be used as evidence against AT&T if it showed evidence of a crime since they were the ones who made the mistake.

Re:"Available for public download" - AT&T and (1)

thoromyr (673646) | about a year ago | (#45404681)

Shame I don't have mod points (they just expired). Please mod parent up.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404413)

you're an idiot, these dummies specifically shared kiddie porn onto p2p networks from their computers and the cops only trolled that data that was shared out

you want privacy, close your door

Re:"Available for public download" - AT&T and (1)

DaveV1.0 (203135) | about a year ago | (#45404449)

I don't think you understand what Auernheimer did. The database wasn't "available for public download" It was exposed due to poor design and poor security. This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.

Re:"Available for public download" - AT&T and (1)

Hatta (162192) | about a year ago | (#45404521)

The database wasn't "available for public download"

It most certaily was. Because the public did download it.

This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.

And what is the purpose of a web server?

Re:"Available for public download" - AT&T and (1)

onyxruby (118189) | about a year ago | (#45404761)

Are you even aware of the particulars of the script kiddie attack that Weev did to get that data? It wasn't published in any kind of manner where you could get it without prompting for it.

By your logic just because someone has something on a web server they are sharing it with everyone. Let me guess, you think credit cards and health records are fair game too?

Re:"Available for public download" - AT&T and (1)

DaveV1.0 (203135) | about a year ago | (#45404857)

This. Apparently Hatta doesn't understand what what Auernheimer did as well.

Re:"Available for public download" - AT&T and (2, Interesting)

Hatta (162192) | about a year ago | (#45404875)

Are you even aware of the particulars of the script kiddie attack that Weev did to get that data?

Weev wrote a script. In this case the police used "an automated P2P query-response tool". What's the difference?

By your logic just because someone has something on a web server they are sharing it with everyone

If you fail to put any authentication on it, then yes. How else is the web supposed to function?

Let me guess, you think credit cards and health records are fair game too?

If you post your credit card number on a public website, then yes it's totally fair game for me to download that information. Using that information to commit fraud is still illegal of course.

Re:"Available for public download" - AT&T and (1)

onyxruby (118189) | about a year ago | (#45405149)

I would love to see you try say that to a judge in a court of law with a straight face.

Re:"Available for public download" - AT&T and (1)

geekoid (135745) | about a year ago | (#45405173)

WeeV's script was a spoof to gain access.

"If you fail to put any authentication on it, then yes. How else is the web supposed to function?"
AT&Ts site DID have authentication. WeeV wrote a script to lie about who he was. i.e. spoof.

"If you post your credit card number on a public website, then yes it's totally fair game for me to download that information. Using that information to commit fraud is still illegal of course."

Only if by public you mean anyone can openly connect by design, then you are correct. Just being on a webserver that is used by the public is different.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404453)

I was just thinking that. Right on the money sideslash...

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404455)

So when AT&T made their iPhone subscriber list "available for public download" that implicitly gave people on the internet permission to access this private information? Oh wait, they sentenced Weev to jail time for that I'm so confused.

The entire intent of P2P sharing is "HEY GUYS I HAVE THESE FILES"

The intent of ATT wasn't "HEY GUYS I HAVE ALL THESE CUSTOMERS".

Re:"Available for public download" - AT&T and (1)

Hatta (162192) | about a year ago | (#45404575)

The entire intent of P2P sharing is "HEY GUYS I HAVE THESE FILES"

And if the files were accidentally shared? Then the intent was not there, and the police are commiting the same crime weev was convicted of.

The intent of ATT wasn't "HEY GUYS I HAVE ALL THESE CUSTOMERS".

And we're supposed to read AT&T's mind?

Re:"Available for public download" - AT&T and (1)

geekoid (135745) | about a year ago | (#45405191)

It doesn't require mind reading to know they don't want to having the files when you have to lie about who you are to get to them.

Re:"Available for public download" - AT&T and (1)

onyxruby (118189) | about a year ago | (#45404477)

Weev took advantage of a poorly secured access on their part. That is hardly the same thing as putting something on a peer to peer network. It's akin to saying that just because someone secured their house with screen doors that they were okay with people taking their contents.

Now you can fairly criticize AT&T for poor security, and you can certainly criticize Weev for taking their data and publicizing it, but try to keep the criticism grounded in reality, eh?

Re:"Available for public download" - AT&T and (1)

Hatta (162192) | about a year ago | (#45404505)

Weev took advantage of a poorly secured access on their part.

And the police here took advantage of poorly secured access on these guys P2P program. The only evidence that these guys intended to share this data is that the data was shared. The same evidence exists for AT&T's data.

It's the exact same thing.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404965)

It's akin to saying that just because someone secured their house with screen doors that they were okay with people taking their contents.

The problem with all these "crap locks/doors" analogies, is they fail to take into account the fact that the server is playing an active roll in giving me access to items that the owner of the server may or may not want me accessing. I think a better analogy would be a vindictive ex that still has access to your house. In that case, who is at fault? For all I know, the vindictive ex is perfectly within their rights to grant me access.

Pie analogy (1)

istartedi (132515) | about a year ago | (#45404577)

Leaving pie on a window sill to cool vs. giving away pies.

If I leave a pie on my window sill to cool, you don't have a right to steal it. That AT&T data sounds like the pie to me.

If I left a pie on a table in front of the house with a sign that said, "free pie for anybody who wants it", and a health inspector came by and cited me for distributing food in an unsafe manner and/or without a permit, that'd be like putting illegal data on a p2p network.

Re:"Available for public download" - AT&T and (0)

Anonymous Coward | about a year ago | (#45404661)

You telling me your name is slidesash and you like kiddie porn is different than ATT telling people you are slidesash and your account number with payment info is X.

ATT put someone else's info out there. These guys put their own out there.

Re:"Available for public download" - AT&T and (1)

geekoid (135745) | about a year ago | (#45405091)

You know they had to do spoofing to get that information, right?
In other words, they had to trick(lie to) the server into thinking they where the iPad owner.

If AT&T had simple left a file with all the info in it on a public site that any person could get to it, there would have been no legal consequences for WeeV

Re:"Available for public download" - AT&T and (1)

dunkindave (1801608) | about a year ago | (#45405343)

I haven't read the articles, just the summaries, but I did stay at a Holiday Inn Express last night, so here goes.

There is a significant fundamental difference between these two, as others has tried to express. In the Weev case, he had to figure out how to get to the data which was not directly accessible through normal links. The authorities charged him with hacking since it was an unauthorized access.

In the P2P case, the defendants had placed the files in a location that was both accessible and searchable, which implies consent.

So, by analogy, the Weev case is like a store with a bad push-button lock on the door that takes only a couple digits to open. Making the claim that "anybody could have walked up and entered that combination and gained entry" shows the problem with the "made available" defense for Weev. By that theory, if I guess your bank account password then I haven't broken any laws since anybody who entered the right credentials "could have accessed it". In the P2P case, it is more akin to a store having a public front section and a private back section, and the store owner accidentally put an illegal item in the front section where the police saw it. It doesn't matter that it was a mistake, it was in plain site, and therefore no warrant needed.

made the information available... (0)

Anonymous Coward | about a year ago | (#45404195)

"made the information available for public download..."

That is an interesting ruling. On that basis, all sorts of things would become legal.

Re:made the information available... (1)

gl4ss (559668) | about a year ago | (#45404219)

That is an interesting ruling. On that basis, all sorts of things would become legal.

yeah good luck arguing that madonnas music album with the screams is free to download though..

Re:made the information available... (2)

Qzukk (229616) | about a year ago | (#45404465)

all sorts of things would become legal.

(Un?)fortunately no, your government overlords are not held to the same laws you are. As an example, you'd be arrested if you went around looking in open windows. Cops can do that all they want.

Hold on (4, Interesting)

Hatta (162192) | about a year ago | (#45404231)

If you run a service on the internet, you have no expectation of privacy of the data you serve. That sounds reasonable enough. But why then was weev [wired.com] imprisoned for downloading data from a publically facing web server?

If weev can be imprisoned for computer hacking by using a publicly facing server in ways not intended by the owner, why aren't the police here facing similar charges?

Re:Hold on (5, Informative)

svanheulen (901014) | about a year ago | (#45404275)

Because that WAS the intention of the owner: to share their data with random, unknown 3rd parties. That's pretty much the entire purpose of P2P networks.

Re:Hold on (0)

Anonymous Coward | about a year ago | (#45404365)

But when you put data on a publicly facing server you obviously don't...

It sounds very much like utter shit to me. But I don't expect more of the US justice system. Yet another reason to stay out of that shit-hole of a country.

Re:Hold on (4, Insightful)

Hatta (162192) | about a year ago | (#45404379)

And what is the purpose of publicly facing web servers without authentication?

Re:Hold on (1)

Trepidity (597) | about a year ago | (#45404383)

But the court's decision doesn't argue that. It argues that intention is irrelevant, and there is no privacy expectation in this case even if the files were accidentally or otherwise unintentionally made available.

Re:Hold on (1)

vux984 (928602) | about a year ago | (#45404399)

Because that WAS the intention of the owner: to share their data with random, unknown 3rd parties. That's pretty much the entire purpose of P2P networks.

No. The intention of the owner, and the purpose of P2P was to share the files, not information about themselves.

You can argue that it is a natural function of the software, doing what it was designed to do, but that didn't get Weev anywhere either, now did it?

Re:Hold on (1)

CanHasDIY (1672858) | about a year ago | (#45404535)

Because that WAS the intention of the owner: to share their data with random, unknown 3rd parties. That's pretty much the entire purpose of P2P networks.

According to the summary, intent is non sequitur:

The judge held that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data.

inadvertently == no intent.

Re:Hold on (1, Insightful)

Fwipp (1473271) | about a year ago | (#45404289)

Well, if you share something on a P2P network, you intend for people to download it.
If you accidentally reveal a list of other people's sensitive information (because you're bad at the web), you arguably didn't intend to make that data publicly available.

Not meaning to side against weev or anything here, just pointing out a meaningful difference between the two.

Re:Hold on (1)

Hatta (162192) | about a year ago | (#45404409)

Well, if you share something on a P2P network, you intend for people to download it.

And if you post something on a web server and don't implement any authentication?

If you accidentally reveal a list of other people's sensitive information (because you're bad at the web), you arguably didn't intend to make that data publicly available.

What if I "accidentally" share my root directory on P2P and you download something. Should I be able to have you imprisoned under the CFAA?

Not meaning to side against weev or anything here, just pointing out a meaningful difference between the two.

I don't see any difference whatsoever. The two situations are exactly analogous.

Re:Hold on (1)

Fwipp (1473271) | about a year ago | (#45404523)

You don't see any difference between "Shit, we left some of our internal DB data accessible" and "I love downloadin things from this P2P network, huh I wonder what peer-to-peer means..." ?

Besides, this is a different legal question. It's not "are the cops breaking the law against hacking," it's "are the cops violating the 4th amendment?"

Re:Hold on (1)

Hatta (162192) | about a year ago | (#45404563)

You don't see any difference between "Shit, we left some of our internal DB data accessible" and "I love downloadin things from this P2P network, huh I wonder what peer-to-peer means..." ?

I don't see any difference between "Shit, we left some of our internal DB data accessible" and "Shit, I shared the wrong folder on my P2P app". There is no difference whatsoever.

Either you can infer intent from public availability or you cannot. You cannot have it both ways.

Re:Hold on (0)

Anonymous Coward | about a year ago | (#45405029)

So if I'd drop my credit card and someone glanced down and seen the number that makes it public domain and they shouldn't be held liable for credit fraud if they use it?

Re:Hold on (1)

Anonymous Coward | about a year ago | (#45405529)

So if I'd drop my credit card and someone glanced down and seen the number that makes it public domain and they shouldn't be held liable for credit fraud if they use it?

No but they shouldn't be held liable because they saw it.

Re:Hold on (1)

DarkOx (621550) | about a year ago | (#45404495)

You have to be pretty darn "bad at the web" to put stuff on a web server unintentionally. I doubt the guy in this article had any more intent to reveal what he was downloading and who he was than AT&T had to publish that customer list. He did publicly because he did not fully understand the nature of how the application worked, just like AT&T apparently did not understand how .htaccess, or or whatever the problem was worked.

Finally its not other people's sensitive information its AT&T's sensitive information at least that is what the Feds tell us whenever they ask them to hand it over to the DEA or the NSA.

Re:Hold on (1)

TWX (665546) | about a year ago | (#45404445)

Probably because weev's lawyers didn't do a good job arguing that by putting content on a public web server , AT&T was publishing it for all to see.

Analogies like printing free newspapers with this information at the bottom of page 36 and placing them in those hoppers on street corners could have been drawn; it's unlikely that very many people will get to page 36 and read the bottom, as that's usually buried among all of the crap advertising spots, but that information was made available in published form.

Re:Hold on (1)

geekoid (135745) | about a year ago | (#45405249)

They probably didn't argue that because that wasn't the case. Weev had to do spoofing to get the data.

Re:Hold on (1)

anagama (611277) | about a year ago | (#45404549)

There is a distinction between this and the situation in weev. It doesn't seem like a big distinction to people who are even vaguely familiar with URLs but to many legal professionals, a large percentage of whom are technically incompetent (the number of law offices I've seen running open access points or WEP encrypted wireless networks in my office building is pretty astounding). This isn't true for all in the legal community, and I'm sure it is getting less common as time goes by, but there are still a lot of people in the legal community who basically think of their computers as glorified typewriters their assistants use.

Anyway, Weev had to manipulate a URL to get the information. He even wrote a script to do this. We know that this is trivial, but to many in the legal community, that is high order hacking because if they can't just click it, it doesn't exist. The markup making the page is just gibberesh outside being interpreted in a browser and if you curl, awk, grep, and/or sed the text that makes up that page to extract info, you are obviously an elite hacker.

In contrast, the files offered up on a public P2P network can be obtained by clicking on them. You don't need to brush of your bash scripting skills to get them. So it is the difference between getting something with a click, and getting something by manual manipulation of a URL.

All that said, I agree with the poster above who quite insightfully wrote "silly peasant, aristocracy has its own set of laws and courts." http://yro.slashdot.org/comments.pl?sid=4437999&cid=45404191 [slashdot.org] In either case, if you make information available on a public web service of one sort or another, it really seems ridiculous to argue that people who use that public info should be punished (in this case, the police used the public info, in Weev's, Weev used the public info -- I think Weev, as much of an asshole as he is, shouldn't be in jail for that, and that here, the police weren't in the wrong).

Re:Hold on (1)

Hatta (162192) | about a year ago | (#45404597)

Anyway, Weev had to manipulate a URL to get the information. He even wrote a script to do this.

Police used "an automated P2P query-response tool".

Re:Hold on (1)

anagama (611277) | about a year ago | (#45405085)

Point taken.

Either the police and weev should be in jail, or both should be free. This is a good example of the double legal standard applied to pleebs and those in power.

Re:Hold on (0)

Anonymous Coward | about a year ago | (#45404673)

make menuconfig
*** Unable to find the ncurses libraries or the
*** required header files.
*** 'make menuconfig' requires the ncurses libraries.
***
*** Install ncurses (ncurses-devel) and try again.
***
make[1]: *** [scripts/kconfig/dochecklxdialog] Error 1
make: *** [menuconfig] Error 2 [youtube.com]

Re:Hold on (1)

thoromyr (673646) | about a year ago | (#45405303)

That is not the distinction you are looking for. The distinction is that AT&T was not accused of committing a crime and these guys have been. It might seem related until you understand something about the legal system: there are different rules for different things.

In the case of Weev, he accessed data without authority. (No, I haven't reviewed the case to see exactly what the charges were, but it was something along those lines). Weev was then accused of having broken a law (pertaining to unauthorized access).

In this case the defendents' attorney argued that the evidence was not collected properly and was thus inadmissable. It is not the case that the police were charged with unauthorized access (which charge would not hold for what I would hope are obvious reasons). There are restrictions on what and how evidence can be collected. This is one of the complaints frequently made by law enforcement: an assertion that criminals often go free because they have collected evidence improperly so that it cannot be admitted, or that they cannot collect evidence due to legal restrictions.

So, while these are related, they are two distinct issues not because of details of collection but because they are concerned with different parts of the legal process

Re:Hold on (1)

gnasher719 (869701) | about a year ago | (#45405095)

If you run a service on the internet, you have no expectation of privacy of the data you serve. That sounds reasonable enough. But why then was weev [wired.com] imprisoned for downloading data from a publically facing web server?

If weev can be imprisoned for computer hacking by using a publicly facing server in ways not intended by the owner, why aren't the police here facing similar charges?

Your argument is total rubbish. The "expectation of privacy" or lack thereof means that "weev" whoever that is probably was allowed to tell the world that a company is careless with customers' data. That doesn't give him any right to the actual data. It's private information. He can't get the right to download information belonging to X, Y, Z and over hundred thousand other people just because someone who is neither X, Y, Z or any of those other people makes a mistake.

Stupidity isn't the Crime... (0)

Anonymous Coward | about a year ago | (#45405477)

Stupidly, ATT put legal to possess, but private, information on a public server. Theft of that information still counts. If you left the keys in your car & someone stole it, it's still grand theft auto.

Headline wrong of course (4, Insightful)

Lando (9348) | about a year ago | (#45404233)

The ruling is on, "made the information available for public download on a P2P network" there are plenty of private p2p services. If you make your information available to everyone then of course the police don't need to go through red tape to get that information. Non-story

extended logic (0)

Anonymous Coward | about a year ago | (#45404403)

by this line of legal reasoning ..

it would be reasonable to assume this federal judge would/should hold the same legal opinion for copyright and intellectual property claims for similarly posted and freely downloadable material ..

Re:extended logic (2)

DaveV1.0 (203135) | about a year ago | (#45404885)

No, because the copyright holder didn't put the material out there.

There is still an "out" (1)

davidwr (791652) | about a year ago | (#45404541)

If the defendant can make a good case that despite reasonable precautions, his computer was p0wned and he was unaware of it, AND but for the p0wning his files would not have been accessible, then it would be similar to someone claiming to be my spouse letting the cops into "our" house, whereupon the cops found my stash of contraband laying around in plain sight.

I'm not sure what the case law in that situation is, but whatever it is, it would seem to apply to a case like this if the computer were p0wned.

Re:There is still an "out" (0)

Anonymous Coward | about a year ago | (#45404651)

If the defendant can make a good case that despite reasonable precautions, his computer was p0wned and he was unaware of it,

Yeah, but the defendant will be out of the job and on the sex offender list long before he gets a chance to argue innocence (or, "not-guilt" anyway).

Re:There is still an "out" (1)

Jody Bruchon (3404363) | about a year ago | (#45404931)

The National Juvenile Online Victimization Study in 2005 [missingkids.com] found that 100% of CP possessors whose cases were not dismissed or dropped were convicted, and 86% to 90% of the cases were guilty pleas (presumably with plea bargains.) Once you are accused of CP possession, you will almost always be convicted regardless of the facts and circumstances. If you fight it, you will be given many times the punishment of the plea bargain you turned down.

In other news... (5, Interesting)

sirwired (27582) | about a year ago | (#45404581)

In other news, the Police also do not need a warrant to attend your public meeting. They don't need a warrant to read the book you published on the rack of the local bookstore. They don't need a warrant to browse around your open store in the local strip mall.

And they don't need a warrant to download data you offered up to any member of the public and browse through it to find incriminating evidence.

Re:In other news... (1)

Anonymous Coward | about a year ago | (#45404649)

They do however need a warrent to access Slashdot. Thank goodness the stuff we write here is still secret and safe!

Here is my motion. (0)

Anonymous Coward | about a year ago | (#45404605)

As I load my gun with 3 bullets.

Re: Here is my motion. (0)

Anonymous Coward | about a year ago | (#45404911)

Only because I am insecure about my own sexuality.

apparently not even the editors RTFA.. (1)

Anonymous Coward | about a year ago | (#45404743)

the opinion [uscourts.gov] linked in the summary is in regards to the deportation of a mr. gupta and has absolutely nothing to do with the case described in the summary.

South Park (0)

Anonymous Coward | about a year ago | (#45404859)

Didn't South Park have an episode parodying the idea of privacy in a public space?

hash value collision with kiddy porn file? (0)

Anonymous Coward | about a year ago | (#45405177)

From TFA, it stated that the defendants had files with the same hash value as known kiddy porn files. Now I know a hash collision is unlikely, but by its very nature it is possible. Since they did not download the file, how can they claim to have probable cause? That's kind of scary...

Re:hash value collision with kiddy porn file? (1)

blueg3 (192743) | about a year ago | (#45405299)

It depends. From a technical standpoint, it's only reasonable to create MD5 collisions, and even then, it requires engineering both files. So, in many contexts, even MD5 collisions can be considered non-issues. A lot of P2P systems use SHA1 or SHA2, which alleviate even that problem.

Realistically, most jurisdictions don't actually trust that as evidence. A defense lawyer will ask exactly what you're asking, and then you'll be forced into the situation of explaining shadowy technical magic, which juries never like. Usually they find P2P-shared files by hash matches and then either download the files to confirm or pick the guy up and analyze his computers (which presumably contain the material). All of the evidence may not end up being presented in trial or in motions, though, depending on what's actually needed.

They just pled guilty (1)

Hobadee (787558) | about a year ago | (#45405481)

*Disclaimer* I did not read the article. (Anyone surprised)
By claiming that their 4th amendment rights were violated, they basically just pled guilty. The proper defense is "ZOMG some sicko hacked my WiFi!"

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?