Well, in criminal terms, that's "vandalism", as a Tort, might be considered "trespass to chattels" (warning: IANAL). Withholding a password is not "vandalism", and I think that would be even more of a stretch than the "anti-hacking" statute under which he was convicted.

But they are the providers of the "service", not the intended beneficiaries of it. I think that's an important legal distinction to make -- there's no evidence that Terry ever targeted the users of the network with any kind of malicious intent. It was merely a scuffle amongst the providers of the service, something that happens all the time in workplaces. Even if he had remained in the employ of the City of San Francisco, he could have -- and reportedly did -- keep information about the particulars of the network, its architecture and its configuration, from other administrators and his management. This happens every day in workplaces all across the U.S. and in fact the world. No-one is compelled to disclose everything they know about their work, at the request of anyone and everyone who works in the same place. While a secretive, distrusting and/or insular employee may be grounds for disciplinary action, up to potentially -- actually, as it turns out in Terry's case -- termination, having "special" knowledge about the network, and not sharing it, is not "hacking" and not criminal.

I think the main disconnect here is that people view passwords as disconnected facilitators of "access" (however that is defined), more analogous to a physical key than to a piece of information. But I see those passwords as being at the end of a continuum of "special knowledge" that one may have about a network, or some other IT system, whether it be Operating System, application, or network infrastructure. What use would it be to give someone a password to a network infrastructure device, but they have no clue how to configure it, how to troubleshoot problems, how to even understand the role that the device plays in the overall infrastructure? Having the password to a router, a switch, a fiber concentrator, or whatever, doesn't mean you can do anything useful with it. So the threshold isn't just "password", in practical terms it's "password + other special knowledge necessary to do something useful with that access". Certainly Terry had "special knowledge" about FiberWAN that he wasn't willing to share with his co-workers or management. Passwords were only the tip of the iceberg. But to criminalize this behavior threatens to drill deep into the iceberg to other forms of "special knowledge" that workers withhold from each other and from their management on a regular basis. That's why it's such a dangerous ruling, and why it has vastly overextended the concept of "hacking", which is about protecting the society at large from the malicious actions of individuals against electronic systems.

It didn't block them; it merely failed to facilitate the handoff process. That's another important legal distinction -- between acting and failing to act. I think it's stretching the concept of "hacking" way too far when someone who declines to act can be held criminally liable. There are some examples of so-called "duty to assist" laws (look it up) on the books, where someone can be held liable for not lending their (minimal) assistance in an emergency or while a crime is being committed, but as far as I know, no such law exists in California, and, in any case, to return to the point, Terry wasn't convicted of a failure to assist the City of San Francisco to maintain and secure their network; he was convicted of "hacking" it, framed in terms of "denying service to authorized users". That -- like DDoS'ing the management ports -- implies an affirmative malicious act, not merely a "failure to assist".

I don't think it was reasonably applied. The obvious intent of the statute was to criminalize actions by person A, interfering with a network or system of organization B, which ultimately delivers (or doesn't deliver, if it's interfered with) services and/or content to user community C. But in this case, person A was part of organization B. He was on the inside, not the outside, had no malice towards user community C, and simply had a disagreement with other members of the organization about how best to deliver services. AFAIK, no evidence was ever presented that the end-users were affected by any of this (except later, as a side-effect of the City's incompetent attempts to "fix" the "damage").

What I think sticks in the craws of most of us IT professionals, especially those in the network area, is the absence of evidence that Terry himself denied "service" to anyone for whom the FiberWAN was ultimately supposed to benefit. The only "service" that was denied was to those who disagreed with Terry's methods and ended up being his accusers. This smacks more of a petty reprisal against Terry than the legitimate complaint of someone who has been hacked. These are not innocent victims here -- they clearly had an axe to grind with Terry, and had the power of the whole city bureaucracy behind them to mete out punishment.

Normal workplace disagreements are not prosecutable as "hacking". Fire someone if you consider them to be secretive, distrustful, or that they don't work well with others. Sue them for monetary damages if you think they increased your operating costs by putting up unnecessary and/or unjustified obstacles to an orderly handoff of responsibility. But don't throw them into jail over it. Crimes are reserved for harm that people commit against the whole society, not just wrongs committed between individuals or by an individual against a particular department of a particular organization. Those don't warrant the stigma and loss of liberties than a criminal sentence entails.

We don't know for sure that the password was non-incriminating. Certain combinations of letters, numbers and/or symbols are criminal ipso facto (how soon we forget the "munition" crypto algorithm, expressible on a t-shirt or other relatively compact media?).

If some piece of information could be incriminating, generally speaking we give broad latitude for the holder of the information to invoke the Right Against Self-Incrimination, since to determine whether it's incriminating or not, one would have to divulge it, which is a Catch-22, since it might result in criminal penalties for the divulger. Of course, the way to cut through that Gordian Knot is for an agent with the power to do so to offer Limited Immunity, with respect to that particular piece of information. Free of any possibility of incrimination, the holder of the information can then be compelled to divulge it, in accordance with usual rules of testimony, production of evidence, etc.. As far as I know, no-one offered Terry any kind of Limited Immunity in this case.

Sorry to followup on my own post, but I neglected to mention the Free Speech aspect of this case. Free Speech means, in part, that (unless life or limb are in imminent danger, perhaps) one cannot be compelled to speak. But that's exactly what happened here. He was forced, by an "anti-hacking" statute, to utter something upon which he obviously preferred to stay silent.

Along Constitutional lines of thought, as a "what if" experiment, I wonder what would have happened if Terry had invoked his Fifth Amendment Right Against Self-incrimination. After all, there might have been something criminal in the passwords themselves (a terrorist plot, a threat against a head of state, an encoded fragment of a prohibited image). Could a mere California statute override the hallowed and vaunted federalRight Against Self-Incrimination? I guess we'll never know...

Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.

In any case, even if you could make a "property" argument, that's not the basis of his conviction. He wasn't convicted for stealing the city's "property". He was convicted under an "anti-hacking" statute. Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators, until they could complete their password-recovery procedures. That's clearly not the scenario that the statute was meant to cover, and this turned out to be an incredibly novel precedent for applying "anti-hacking" rules to a run-of-the-mill employer/employee confrontation.

I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better. Passwords, code optimizations, little quirks in configurations of various systems/subsystems, the list goes on. All of these are now potentially fair game for employers to force ex-employees to divulge, if they can make a plausible claim that -- however indirectly -- they are necessary to deliver services to their end-users. If the ex-employee refuses to comply, they're in violation of an "anti-hacking" statute. Silence = hacking. Wonderful.

What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on /. trying to rationalize his actions, and his vote.

I suspect, however, that some peer pressure was involved here, as often happens on juries (I know this firsthand from one of the juries on which I've served).

There's actually quite a bit of intersection between legal thinking and information technology-slash-programming. Law is, after all, a language, with its own syntax and rules of construction. Some statutes are practically algorithms, complete with if-then branching, etc. Legal opinions, even more so, since often they're just a stream-of-consciousness "brain dump" of how the judges/justices logically came to a particular decision/conclusion, given a set of facts and/or applicable statutes/precedents.

One should distinguish, however, between legal theory, which I find rather fascinating and have dabbled in amateurishly from time to time, and legal practice which is riddled with all sorts of human factors, psychology, empathy, gray areas, gamesmanship, showmanship, public speaking, having to facilitate, compromise, etc. and frankly turns my stomach...

Um, no. Things like life, liberty, freedom of speech/expression/religion etc. may be considered "natural" in the sense that they can be enjoyed even in the absence of society. But property rights are defined by exclusion, i.e. this is mine and not yours and I can enforce that with some help from my pals over there, and therefore require a "society" -- the government being the "pals over there" part of my simplistic description above -- in order to have any meaning or significance. Hence not "natural". No government, no property rights. You can't really have one without the other. If you posit some other form of enforcing ownership, such as a warlord, a tribe, a collective, a co-operative, etc. then that's just "government" by some other name and thus dissolves into mere semantic quibbling.

Libertarians and/or Ayn Rand loonies may disagree (vehemently) on this point, but most legal theorists don't.

Well, in Maryland at least, there are specific exceptions for law enforcement written into the statute itself

Another point to note is that these exceptions specifically contemplate that "interception of an oral communication" may occur with respect to the audio portion of a videotaping. This is another dent in the legal-ignoramus' claim -- I should perhaps repeat that IANAL, but at least I've informed myself somewhat on how the law works -- that Maryland is twisting its "wiretap" law to prosecute acts that it was never intended to cover. Obviously the law was intended to cover the audio portion of a video recording...

IANAL, but theoretically you could probably be charged once for each "communication" that you "intercepted". How many communications can your camcorder's microphone pick up at a soccer game? Do you have a parabolic dish for your microphone that you can point to people dozens or hundreds of feet away and pick up their conversations? Did you point it at 300 different people during the course of the soccer game? If you went to those extremes, in a state which has collectively decided on a 2-party-consent rule, maybe you should go away for a long time. You've deliberately and calculatedly committed hundreds of privacy violations, as defined by the consensus of the citizens of your state. Part of the price of living in a society is obeying the society's rules, or suffering the consequences if you don't. (You still retain your constitutional rights of course, and maybe an argument could be made in that direction).

Again, how many "communications" did you "intercept"?

That may be the common dictionary definition of the term "wiretapping", but it isn't necessarily the legal definition, and I don't think even the legal definition is relevant here, since Wiretap Law is just the generally-accepted title of the statute, which doesn't have any legal weight of its own. The statute in question (Maryland Courts and Judicial Proceedings Section 10-402), doesn't use the word "wiretap" at all: it talks about "intercept[ion] of any wire, oral, or electronic communication", and I think it's pretty difficult to deny that Graber intercepted an oral communication with his helmet-mounted microphone. Let's discuss/debate the more important factor in the case -- whether there was an "expectation of privacy" or not -- rather than get caught up in the semantics of the term "wiretap"...

Any decent judge is going to look at the intent of the alleged infringement, when assessing a Fair Use defense to a Copyright Infringement claim. The "amount and substantiality" factor is clearly there to prevent Fair Use from being used as a mere pretext for absconding with someone else's copyrighted material. But surely no reasonable person could think that Harry Reid`s wholesale copying of the website was intended to confuse people into thinking that Sharron Angle's "content" was actually his, could they? Those "extraneous" elements (color, layout, clip art, etc.) on Harry's website are, as asserted, only there to present a full and complete snapshot of Sharron expressions of her opinions and views, at a particular time, and therefore to comprehensively "expose" her politically. I can't see a judge confusing this with your run-of-the-mill copyright-violation case, where the gist of the allegation is that one person is trying to steal another person's intellectual property.

Did Harry benefit specifically from specific color schemes, designs, etc. on his "real Sharron Angle" website except through the Fair-Use-protected objective of maximizing the quality of his "criticism" and/or "comment" of her views and expressions thereof? That would be a very tough argument to make in a courtroom or legal brief, i.e. that in the course of commenting on and/or criticizing the political content of Sharron's original website, that he accidentally "stole" from her, in a way that was unconnected to his Fair-Use-protected expressions...

Only after binging first. They're strange that way.

No, of course I've never noticed that. No virtuous person would have knowledge of such things. Either that, or they're too busy looking at other things on those web pages...

Well, first of all, there is a distinction to be made between wants and needs. Beyond that, though, those that deny that government can meet the great majority of the needs of its citizens apparently are blind to the myriad ways in which government already meets those needs, most of which are taken for granted. I'm referring to national defense, clean air/water/food, a functioning economic system (including currency, trade, insurance, banking, enforcement of private contracts, etc.), a functioning transportation system, a functioning telecommunications system, and a long list of other services that government either provides directly to modern society, or at least created and maintains the structure by which private individuals can reliably provide these services to each other.

I don't think we have a consensus that using guns, in particular, is a "basic" freedom. Arguably, self-defense is a basic freedom, but that's more general and abstract than what you said.

console

1 /knsol/ Show Spelled[kuhn-sohl] Show IPA –verb (used with object), -soled, -soling. to alleviate or lessen the grief, sorrow, or disappointment of; give solace or comfort: Only his children could console him when his wife died.

Perhaps you meant "reconcile"?