Legal Beagle by Graeme Edgeler

Read Post

Legal Beagle: Cameron Slater: computer hacker?

96 Responses

First ←Older Page 1 2 3 4 Newer→ Last

  • Sacha, in reply to Sacha,

    links presented on the surface

    This of course was the nature of Labour's error, but it would have been good to see a court test the limits, not some faceless police prosecution team.

    Ak • Since May 2008 • 19745 posts Report

  • mpledger,

    LB wrote:
    "For me, this subsection means that Cameron, who was, like the rest of us, authorised to go to Labour’s server to look at Labour’s website, was not committing a crime by looking at the other files that Labour had left open to view on their server."

    If a person follows links and sees a webpage they shouldn't then that ought not to be a crime.

    But, if they then actively download the file for storage on their own system (i.e. not cached but actively saved) knowing it was not something they should not have access to than that is something different. (It breaks copyright at the very least.)

    But, IIRC, they needed an IT specialist to help them so it doesn't look like their access was in any way accidental nor does it look like the files would have been able to be seen by a typical member of the population using the ordinary tools available to browse the web.

    Since Oct 2012 • 97 posts Report

  • Stephen Judd, in reply to Sacha,

    Police (non)prosecutors are making decisions that are courts’ to make, not theirs.

    Police decide whether to prosecute based on the likelihood of winning all the time.

    Wellington • Since Nov 2006 • 3122 posts Report

  • Rich of Observationz,

    So if I mount an SQL injection attack on a bank, just for hoots and giggles, it isn't criminal, provided I have an account there and don't actually steal any money?

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Stephen Judd, in reply to Rich of Observationz,

    Some have argued that maybe, if you tell them and report the hole, they shouldn't shop you. Not saying I would argue that, mind, but that's the grey area of "security research" for you.

    Wellington • Since Nov 2006 • 3122 posts Report

  • Sacha, in reply to Stephen Judd,

    On untested law, they shouldn't be usurping the courts.

    Ak • Since May 2008 • 19745 posts Report

  • Russell Brown, in reply to Rich of Observationz,

    So if I mount an SQL injection attack on a bank, just for hoots

    You're saying Hooton is organising bank jobs now?

    Auckland • Since Nov 2006 • 22850 posts Report

  • Rich of Observationz,

    So the more serious S.240 of the Crimes Act sez:

    Every one is guilty of obtaining by deception … who, by any deception and without claim of right,—
    (a) obtains ownership or possession of, or control over, any property, or any privilege, service, pecuniary advantage, benefit, or valuable consideration, directly or indirectly…

    Is private information a “property, privilege or service”?

    [ Edited edit: not property R v Dixon, but a benefit, per the same case. ]

    And “deception” is defined as:

    (a)
    a false representation, whether oral, documentary, or by conduct, where the person making the representation intends to deceive any other person and—
    (i)
    knows that it is false in a material particular; or
    (ii)
    is reckless as to whether it is false in a material particular; or
    (b)
    an omission to disclose a material particular, with intent to deceive any person, in circumstances where there is a duty to disclose it; or
    (c)
    a fraudulent device, trick, or stratagem used with intent to deceive any person

    When does a method used to access data which the “owner” did not intend to be served publicly become a “fraudulent device, trick or stratagem”. And does one “deceive” a person by deceiving their computer?

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Lyndon Hood, in reply to Rich of Observationz,

    If I'm following, the owner didn't intend for it to be served publicly, but they didn't secure it. So you could just ask for files as 'a random computer on the Internet', no pretending required.

    Wellington • Since Nov 2006 • 1115 posts Report

  • Stephen Judd, in reply to Rich of Observationz,

    Thanks for that link! MOST interesting.

    Wellington • Since Nov 2006 • 3122 posts Report

  • BenWilson, in reply to Russell Brown,

    You’re saying Hooton is organising bank jobs now?

    Someone tell him that when the police come they can easily be repelled by yelling "I've got a gun".

    Auckland • Since Nov 2006 • 10657 posts Report

  • Sacha, in reply to Russell Brown,

    Those university fees are real steep.

    Ak • Since May 2008 • 19745 posts Report

  • Rich of Observationz, in reply to Lyndon Hood,

    There is a theory that because a computer program is a perfect embodiment of its owner’s instructions, most categories of computer misuse cannot be deception, as the computer evaluated those instructions and decided to grant permission.

    I don’t think the courts believe this one, unfortunately.

    Like you, I can’t remember exactly what’s being alleged in this case, but if it comes down to whether the methods being used by Slater were “deceptive”, then that ought to be a matter of fact for a court to decide.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Rich of Observationz,

    Also, just to make myself a bit clearer, I'd agree with Graeme that Slater is off the hook on the s.252 offence (as Dixon the bouncer would have been if he hadn't tried to sell the video) but that given Slater's for-profit website and "consultancy" activities, there was a benefit gained and hence a potential s.249 offence if dishonesty could be proven?

    (Also, s.249 upthread, not s.240)

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Rich of Observationz,

    Also, as these people found out if someone, like a bank, makes an error and you exploit it to steal, then it's still theft.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • BenWilson, in reply to Rich of Observationz,

    There is a theory that because a computer program is a perfect embodiment of its owner’s instructions, most categories of computer misuse cannot be deception, as the computer evaluated those instructions and decided to grant permission.

    That's deep. So when HAL tried to kill Dave, he was right, it was actually all down to human error. Also, there's only ever one truly correct document about the program specification - the machine code that is created. Why comment the code? It's either obvious, or wrong.

    Auckland • Since Nov 2006 • 10657 posts Report

  • Rob Stowell, in reply to BenWilson,

    Why comment the code?

    Isn't it a bit like tagging :)
    But having heard a programmer mate's diatribe on the subject (he's had to re-work a lot of other people's coding) it's not always obvious why it's wrong. Not that the comments necessarily help - often just make muddy water muddier.

    Whakaraupo • Since Nov 2006 • 2120 posts Report

  • Michael Homer, in reply to mpledger,

    nor does it look like the files would have been able to be seen by a typical member of the population using the ordinary tools available to browse the web.

    You could have ended up there just by using a (quite) old web browser and trying to visit Labour's main website. It's just borderline-criminal incompetence on the part of the people running the sites (and if only the Privacy Act had any teeth...).

    Wellington • Since Nov 2006 • 85 posts Report

  • BenWilson, in reply to Rich of Observationz,

    Also, as these people found out if someone, like a bank, makes an error and you exploit it to steal, then it’s still theft.

    Yup - that kid who deposited a Jaffa packet into an ATM when I was a kid was definitely well aware that it wasn't kosher. I'd tell you how I know, but it's a long story that should not be told on the internet. To me, the main thing I learned was that hacking is not exactly the work of geniuses, the way it's always shown in Hollywood. The only "successful" fraudulent hacker I've ever known was an old mate who couldn't pass Computer Science 100 no matter how much I helped him with the assignments.

    He only didn't get busted because the bank didn't press charges. I'm sure the evidence they had would have been pretty damning.

    Auckland • Since Nov 2006 • 10657 posts Report

  • Rich Lock, in reply to BenWilson,

    So when HAL tried to kill Dave, he was right, it was actually all down to human error.

    Well, the book explains that HAL malfunctions because he is unable to resolve a conflict between his general and known-to-the-crew orders that require him to to relay information accurately, and a second set of secret orders requiring that he withhold information from Bowman and Poole regarding the true purpose of the mission (a pre-launch experiment where humans were made to believe that there had been alien contact revealed deep-seated xenophobia, which was unknowingly replicated in HAL's constructed personality. Mission Control did not want the crew of Discovery to have their thinking compromised by the knowledge that alien contact was already real, and withheld the information from the crew).

    HAL reasons that with no crew, he would not need to lie to them, so he kills them. So, yeah, human error.
    Um, yeah,

    back in the mother countr… • Since Feb 2007 • 2728 posts Report

  • BenWilson, in reply to Rich Lock,

    Um, yeah

    So the book leaves it nicely ambiguous as to whether HAL is actually protecting his own sentience purely out of self interest, or just following programming, and pretending to be afraid as Dave turns his brain off, as a ploy that might work against a mere meat machine (and Dave does the whole thing implacably like a machine would ... nice irony)?

    Auckland • Since Nov 2006 • 10657 posts Report

  • Brent Jackson, in reply to BenWilson,

    Why comment the code? It’s either obvious, or wrong.

    There is an awful lot of code that is not obvious, and also code that appears wrong but isn't. Both of those cases benefit from comments.

    Auckland • Since Nov 2006 • 620 posts Report

  • izogi, in reply to Brent Jackson,

    As long as the comments match the code. I've seen plenty of code where that's not the case. :)

    Wellington • Since Jan 2007 • 1142 posts Report

  • SHG,

    You know what I think happened?

    Someone saw Clare Curran asking for help with “Droopol” on twitter

    https://twitter.com/clarecurranmp/status/67917487261495296

    and thought “Clare Curran’s doing something on the web and will fuck it up because Clare Curran, so let’s dig around and see what her pet projects are right now, and if Labour is about to launch any new websites or if it has registered any domains recently”.

    nup • Since Oct 2010 • 77 posts Report

  • BenWilson, in reply to Brent Jackson,

    Both of those cases benefit from comments.

    I hope you realize I was joking. The idea that designers should be treated as infallible and their intentions unimportant struck me as quaint, like old sci fi depictions of AI are. To me, the intention of authors is still something that is important.

    I personally probably over-comment my code, just like I do with my other writing.

    Auckland • Since Nov 2006 • 10657 posts Report

First ←Older Page 1 2 3 4 Newer→ Last

Post your response…

This topic is closed.