"That guy got life in prison all for moving a knife about two feet in a certain direction! The system is corrupt!"
I wish people could be a little more honest in the way they describe computer crimes. He knew or should have known that that api was not meant for public use. He is being punished for using it despite this knowledge.
So even though he didn't do anything illegal with the data, you think it is criminal that he didn't obey some unwritten rule about using an API in that way? If I wrote a script to scrape 10 million e-mail addresses from usenet, am I a felon because usenet isn't supposed to be used that way? What if I just want to analyze the patterns or show the world how easy it is to scrape?
Seems to be a little more of a gray area, considering using is a service that IS publicly available and labelled as such. I don't find the two to be analogous, if that is what you are asking.
Why do you even ask that. Isn't it obvious from my post that I'm pointing out that overly charitable wordings are misleading? Do you honestly believe that someone could have the mental capacity to enter words into this site and be unable to perceive the distinction between these two crimes? Or were you just trying to score a cheap rhetorical point by intentionally misreading me?
And again, of wasn't just wrapping curl in a for loop. It was doing that with the knowledge that the target was not meant to be public, storing that information, and sharing it with the media.
Also, it wasn't murder, it was assault with a deadly weapon. The victim went on to make a full recovery but it was the defendant's third strike.
>It was doing that with the knowledge that the target was not meant to be public
AT&T's intent isn't really relevant. The fact is, they published all of those emails publicly. They certainly didn't mean to, but I fail to see how accessing public websites can be considered a crime, even if you access lots of them when the company doesn't want you to. If I forget to close my blinds before having sex, that doesn't make anyone who walks by on the street and sees me a criminal. Nor are they criminals if they take a picture and post it on reddit. It's your job not to expose that material publicly if you want it to be private.
>storing that information, and sharing it with the media.
Neither of these are acts that should be considered criminal, just as the storing and uploading to reddit of an embarrassing photo is not criminal. Would it still have been criminal if he had passed the bash one-liner to the media, instead? What's the difference? The responsibility for the leak still resides with AT&T, and them alone.
Now, none of this is to say that I condone of weev's actions. I certainly would have handled the situation differently. But being rude and being a criminal are not synonymous.
> AT&T's intent isn't really relevant. The fact is, they published all of those emails publicly. They certainly didn't mean to, but I fail to see how accessing public websites can be considered a crime, even if you access lots of them when the company doesn't want you to.
In the meatspace it happens all the time that you can get in trouble for being somewhere you're not supposed to even if they forgot to hit the locks on the way out.
Or for a possibly more relevant example, what happens in real life if you find an ATM that has an error such that it gives you twice as much cash as you asked for? Is it still theft if you take it? (Hint: Yes)
Should that equate to a felony here, where no authentication shenanigans were employed? I don't think so, but I wish we'd quit with the victim blaming here on HN.
I also wish we'd separate the enforcability of something from its morality or legality. There's many, many minor things wrong that people can do that even the current state can't hope to fully enforce, but that doesn't make it right, it makes it a fact of life. But if you do somehow get caught doing something that 99% of the rest manage to get away with, shame on you.
By the way, that ATM example wasn't made up: http://investorplace.com/2012/11/faulty-atm-gives-out-extra-... (the Bank opted not to try to find out which customers took the money, due to the difficulty with getting accurate evidence, not because it was right to take the money)
You're absolutely right, and I'd call that a failing of the law. Just because someone intends to create a system with some degree of security does not mean people who access said unsecured system should be considered criminals.
If AT&T didn't want to publish their users' data publicly, they didn't have to. But they did. Anything done with that data after that point is 100% their fault.
I wish people could be a little more honest in the way they describe computer crimes. He knew or should have known that that api was not meant for public use. He is being punished for using it despite this knowledge.